redirecting (type: modules) ansible.builtin.win_user_right to ansible.windows.win_user_right
Using module file /home/user/.ansible/lib/python3.8/site-packages/ansible_collections/ansible/windows/plugins/modules/win_user_right.ps1
Pipelining is enabled.
<10.x.x.x> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5985 TO 10.x.x.x
EXEC (via pipeline wrapper)
The full traceback is:
Cannot bind argument to parameter 'InputObject' because it is an empty string.
At line:346 char:34
+ $userSids = [String[]]@($users | ConvertTo-SecurityIdentifier | ForEa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [ConvertTo-SecurityIdentifier], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,ConvertTo-SecurityIdentifier
ScriptStackTrace:
at <ScriptBlock>, <No file>: line 346
System.Management.Automation.ParameterBindingValidationException: Cannot bind argument to parameter 'InputObject' because it is an empty string.
at System.Management.Automation.CmdletParameterBinderController.BindValueFromPipeline(PSObject inputToOperateOn, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags)
at System.Management.Automation.CmdletParameterBinderController.BindUnboundParametersForBindingStateInParameterSet(PSObject inputToOperateOn, CurrentlyBinding currentlyBinding, UInt32 validParameterSets)
at System.Management.Automation.CmdletParameterBinderController.BindUnboundParametersForBindingState(PSObject inputToOperateOn, CurrentlyBinding currentlyBinding, UInt32 validParameterSets)
at System.Management.Automation.CmdletParameterBinderController.BindPipelineParametersPrivate(PSObject inputToOperateOn)
at System.Management.Automation.CmdletParameterBinderController.BindPipelineParameters(PSObject inputToOperateOn)
at System.Management.Automation.CommandProcessor.Read()
fatal: [x.testing.x.x]: FAILED! => {
"changed": false,
"msg": "Unhandled exception while executing module: Cannot bind argument to parameter 'InputObject' because it is an empty string."
}
Thanks for raising the issue. I will work on getting this at least into devel. The same issue was in the 2016-CIS and impacted a few tasks. I'll do the same fix here.
https://github.com/ansible-lockdown/Windows-2019-CIS/blob/devel/tasks/section02.yml#L626
should be
users: []