ansible-collections / community.windows

Windows community collection for Ansible
https://galaxy.ansible.com/community/windows
GNU General Public License v3.0

win_scheduled_task: Task creation fails when using password logon type and "." for user domain #453

Open dalgarin opened 1 year ago

dalgarin commented 1 year ago
SUMMARY

When creating a scheduled task with the password logon_type and specifying username using the ".\username" format for a local Windows user account, task creation fails with the following error: FAILED! => {"changed": true, "msg": "failed to modify scheduled task: (22,8):UserId:"}

Digging further, it appears that tasks are created in two steps, with the task shell being created first and then the task details being updated later. Because the username and password fields are not specified during the "shell" creation, the job is created but without the correct properties.

Additional Info: When creating the task using the interactive_token logon_type (instead of password logon_type) and specifying the username using the ".\username" format for a local Windows user account, task is created successfully. In this scenario, only the account SID is required and the Convert-ToSID cmdlet properly handles the ".\username" format when resolving the SID.

However, when using the password logon_type and specifying the username using the ".\username" format, the ".\username" is passed directly to the RegisterTaskDefinition method of the Schedule.Service COM object. It appears that this is where the failure originates.

Workaround: Can work around the issue by specifying the "computername\username" format for the username. However, the ".\" reference for specifying a local Windows user should be supported and is supported in other functions. Using the ".\username" format via the Task Scheduler UI works as expected.

ISSUE TYPE
COMPONENT NAME

win_scheduled_task.ps1

ANSIBLE VERSION

ansible [core 2.13.4]
  config file = /etc/ansible/ansible-nocache.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.6 (main, Aug 10 2022, 11:40:04) [GCC 11.3.0]
  jinja version = 3.1.2
  libyaml = False

COLLECTION VERSION

# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.windows 1.10.0

# /usr/local/lib/python3.10/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.windows 1.10.0

CONFIGURATION

ANSIBLE_NOCOWS(/etc/ansible/ansible.cfg) = True
ANSIBLE_PIPELINING(/etc/ansible/ansible.cfg) = True
CALLBACKS_ENABLED(/etc/ansible/ansible.cfg) = ['datadog_callback']
COLLECTIONS_PATHS(/etc/ansible/ansible.cfg) = ['/usr/share/ansible/collections']
DEFAULT_FORKS(/etc/ansible/ansible.cfg) = 50
DEFAULT_GATHER_TIMEOUT(/etc/ansible/ansible.cfg) = 20
DEFAULT_POLL_INTERVAL(/etc/ansible/ansible.cfg) = 5
DEFAULT_REMOTE_USER(/etc/ansible/ansible.cfg) = ansible
DEFAULT_ROLES_PATH(/etc/ansible/ansible.cfg) = ['/etc/ansible/roles']
DEFAULT_STRATEGY_PLUGIN_PATH(/etc/ansible/ansible.cfg) = ['/usr/local/lib/python3.10/dist-packages/ansible_mitogen/plugins/strategy']
DEFAULT_TIMEOUT(/etc/ansible/ansible.cfg) = 20
DISPLAY_SKIPPED_HOSTS(/etc/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/etc/ansible/ansible.cfg) = 30
PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 40
RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False

OS / ENVIRONMENT

Target host is running Windows Server 2019.

STEPS TO REPRODUCE

Use win_scheduled_task to create a scheduled task using the password logon_type and specifying the username with the ".\username" format to specify a local Windows user.

- name: "Create Windows Task"
  win_scheduled_task:
    name: "test_task"
    logon_type: "password"
    username: '.\{{ service_user }}'
    password: '{{ service_password }}'
    actions:
    - path: '{{ path_to_executable }}'
      arguments: "/home"
    triggers:
    - type: "boot"
      repetition:
        interval: "PT1H"
        stop_at_duration_end: no
      execution_time_limit: "PT0S"
    allow_hard_terminate: yes
    allow_demand_start: yes
    execution_time_limit: "PT0S"
    multiple_instances: 2
    state: present
    enabled: yes

EXPECTED RESULTS

Task is created successfully.

ACTUAL RESULTS

Task creation fails with generic error below. Note: Extra verbosity provides no additional information regarding the command/error.

FAILED! => {"changed": true, "msg": "failed to modify scheduled task: (22,8):UserId:"}
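
The workaround described in this report ("computername\username" in place of ".\username") can be applied in code before a name reaches RegisterTaskDefinition. The following is an added illustration, not code from the issue or from win_scheduled_task.ps1; the helper names Resolve-LocalTaskUser and Get-CanonicalTaskUser, the host name WEB01 and the sample accounts are assumptions made for the example.

```powershell
# Added illustration; both helpers are hypothetical and not part of the collection.
function Resolve-LocalTaskUser {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Username,

        # Injectable so the rewrite can be checked without depending on the local host name.
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Only the exact ".\" prefix is rewritten; "DOMAIN\user", "user@domain"
    # and bare account names pass through unchanged.
    if ($Username.StartsWith('.\')) {
        $account = $Username.Substring(2)
        if ([string]::IsNullOrWhiteSpace($account)) {
            throw "Username '$Username' has no account name after '.\'"
        }
        return "$ComputerName\$account"
    }
    return $Username
}

function Get-CanonicalTaskUser {
    [CmdletBinding()]
    [OutputType([string])]
    param([Parameter(Mandatory = $true)][string]$Username)

    # Round-trip the name through its SID so a mistyped account fails here,
    # with a readable message, rather than at task registration.
    $qualified = Resolve-LocalTaskUser -Username $Username
    try {
        $nt = New-Object System.Security.Principal.NTAccount($qualified)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        throw "Account '$qualified' could not be resolved: $($_.Exception.Message)"
    }
}

# Constructed sample inputs; WEB01 stands in for the target's computer name.
foreach ($name in '.\svc_task', 'CONTOSO\svc_task', 'svc_task@contoso.example') {
    '{0} -> {1}' -f $name, (Resolve-LocalTaskUser -Username $name -ComputerName 'WEB01')
}
```

Get-CanonicalTaskUser has to run on the Windows target itself, since it resolves the account against that host.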