Win setup fix 2.8 (#59211)
* Wrap Get-MachineSid's body in a try/catch. It's not critical information and there's been a number of issues over the years with trying to retrieve it. If an exception is thrown, just return null. Fixes: #47813 (cherry picked from commit b8a41a90b8)
* add changelog (cherry picked from commit 277690bcc6)
parent
4f939d4b2b
commit
a2d6f9acd9
2 changed files with 22 additions and 14 deletions
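--- /dev/null
+++ b/changelogs/fragments/58483-win_setup_resilience.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- setup (Windows) - prevent setup module failure if Get-MachineSid fails (https://github.com/ansible/ansible/issues/47813)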
|
@ -29,22 +29,28 @@ Function Get-MachineSid {
|
|||
# only accessible by the Local System account. This method get's the local
|
||||
# admin account (ends with -500) and lops it off to get the machine sid.
|
||||
|
||||
$admins_sid = "S-1-5-32-544"
|
||||
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
|
||||
|
||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
||||
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
|
||||
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
|
||||
$groups = $searcher.FindOne()
|
||||
|
||||
$machine_sid = $null
|
||||
foreach ($user in $groups.Members) {
|
||||
$user_sid = $user.Sid
|
||||
if ($user_sid.Value.EndsWith("-500")) {
|
||||
$machine_sid = $user_sid.AccountDomainSid.Value
|
||||
break
|
||||
|
||||
try {
|
||||
$admins_sid = "S-1-5-32-544"
|
||||
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
|
||||
|
||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
||||
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
|
||||
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
|
||||
$groups = $searcher.FindOne()
|
||||
|
||||
foreach ($user in $groups.Members) {
|
||||
$user_sid = $user.Sid
|
||||
if ($user_sid.Value.EndsWith("-500")) {
|
||||
$machine_sid = $user_sid.AccountDomainSid.Value
|
||||
break
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
#can fail for any number of reasons, if it does just return the original null
|
||||
Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
|
||||
}
|
||||
|
||||
return $machine_sid
|
||||
|
|
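Review bot: The new catch block calls `Add-Warning -obj $result`, but `$result` is not a parameter of Get-MachineSid and is not assigned anywhere in this hunk, so the handler appears to rely on a script-scope variable that must exist before the function is called; if it does not, the catch itself would raise and the setup run would still fail, which is the outcome this change is meant to prevent. Consider stating that dependency above the `try {` line, e.g. `# relies on script-scope $result being initialised before Get-MachineSid is called`, or passing the object in explicitly. The PrincipalContext, GroupPrincipal and PrincipalSearcher objects created inside the try are also never disposed, so a `finally` block that calls `.Dispose()` on whichever of them were created would release them on both the success and the failure path. The function starts and ends outside the hunk, so its closing brace and its callers are not visible here.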