Win setup fix 2.8 (#59211)
* Wrap Get-MachineSid's body in a try/catch. It's not critical information and there's been a number of issues over the years with trying to retrieve it. If an exception is thrown just return null. Fixes: #47813 (cherry picked from commit b8a41a90b8)
* add changelog (cherry picked from commit 277690bcc6)
parent
4f939d4b2b
commit
a2d6f9acd9
2 changed files with 22 additions and 14 deletions
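--- a/changelogs/fragments/58483-win_setup_resilience.yml
+++ b/changelogs/fragments/58483-win_setup_resilience.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- setup (Windows) - prevent setup module failure if Get-MachineSid fails (https://github.com/ansible/ansible/issues/47813)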
@ -29,22 +29,28 @@ Function Get-MachineSid {
|
||||||
# only accessible by the Local System account. This method get's the local
|
# only accessible by the Local System account. This method get's the local
|
||||||
# admin account (ends with -500) and lops it off to get the machine sid.
|
# admin account (ends with -500) and lops it off to get the machine sid.
|
||||||
|
|
||||||
$admins_sid = "S-1-5-32-544"
|
|
||||||
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
|
|
||||||
|
|
||||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
|
||||||
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
|
||||||
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
|
|
||||||
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
|
|
||||||
$groups = $searcher.FindOne()
|
|
||||||
|
|
||||||
$machine_sid = $null
|
$machine_sid = $null
|
||||||
foreach ($user in $groups.Members) {
|
|
||||||
$user_sid = $user.Sid
|
try {
|
||||||
if ($user_sid.Value.EndsWith("-500")) {
|
$admins_sid = "S-1-5-32-544"
|
||||||
$machine_sid = $user_sid.AccountDomainSid.Value
|
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
|
||||||
break
|
|
||||||
|
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||||
|
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
||||||
|
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
|
||||||
|
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
|
||||||
|
$groups = $searcher.FindOne()
|
||||||
|
|
||||||
|
foreach ($user in $groups.Members) {
|
||||||
|
$user_sid = $user.Sid
|
||||||
|
if ($user_sid.Value.EndsWith("-500")) {
|
||||||
|
$machine_sid = $user_sid.AccountDomainSid.Value
|
||||||
|
break
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} catch {
|
||||||
|
#can fail for any number of reasons, if it does just return the original null
|
||||||
|
Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
|
||||||
}
|
}
|
||||||
|
|
||||||
return $machine_sid
|
return $machine_sid
|
||||||
|
|
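Review bot: The catch block at the end of Get-MachineSid passes `$result` to Add-Warning, but `$result` is neither a parameter nor assigned anywhere in this hunk, so the fallback path appears to rely on a caller-scope variable; if that variable is absent or not the expected object, the warning call may itself throw from inside the catch and the module would fail again. A short comment above the call would make that dependency explicit, for example `# $result is expected to be the module-level result object (script scope)`. The PrincipalContext, GroupPrincipal and PrincipalSearcher created inside the try implement IDisposable and are never released; a `finally { if ($searcher) { $searcher.Dispose() }; if ($principal_context) { $principal_context.Dispose() } }` after the catch would release them on both paths. The function begins before the hunk and its closing brace is not shown.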