ansible.windows.win_whoami – Get information about the current user and process
Note
This plugin is part of the ansible.windows collection (version 1.3.0).
To install it use: ansible-galaxy collection install ansible.windows.
To use it in a playbook, specify: ansible.windows.win_whoami.
Synopsis
- Designed to return the same information as the
whoami /allcommand. - Also includes information missing from
whoamisuch as logon metadata like logon rights, id, type.
Notes
Note
- If running this module with a non admin user, the logon rights will be an empty list as Administrator rights are required to query LSA for the information.
See Also
See also
- community.windows.win_credential
-
The official documentation on the community.windows.win_credential module.
- ansible.windows.win_group_membership
-
The official documentation on the ansible.windows.win_group_membership module.
- ansible.windows.win_user_right
-
The official documentation on the ansible.windows.win_user_right module.
Examples
- name: Get whoami information ansible.windows.win_whoami:
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
| account complex | success | The running account SID details. | |
| account_name string | success | The account name of the account SID. Sample: Administrator | |
| domain_name string | success | The domain name of the account SID. Sample: DOMAIN | |
| sid string | success | The SID in string form. Sample: S-1-5-21-1654078763-769949647-2968445802-500 | |
| type string | success | The type of SID. Sample: User | |
| authentication_package string | success | The name of the authentication package used to authenticate the user in the session. Sample: Negotiate | |
| dns_domain_name string | success | The DNS name of the logon session, this is an empty string if this is not set. Sample: DOMAIN.COM | |
| groups list / elements=string | success | A list of groups and attributes that the user is a member of. Sample: [{'account_name': 'Domain Users', 'attributes': ['Mandatory', 'Enabled by default', 'Enabled'], 'domain_name': 'DOMAIN', 'sid': 'S-1-5-21-1654078763-769949647-2968445802-513', 'type': 'Group'}, {'account_name': 'Administrators', 'attributes': ['Mandatory', 'Enabled by default', 'Enabled', 'Owner'], 'domain_name': 'BUILTIN', 'sid': 'S-1-5-32-544', 'type': 'Alias'}] | |
| impersonation_level string | success | The impersonation level of the token, only valid if token_type is TokenImpersonation, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379572.aspx.Sample: SecurityAnonymous | |
| label complex | success | The mandatory label set to the logon session. | |
| account_name string | success | The account name of the label SID. Sample: High Mandatory Level | |
| domain_name string | success | The domain name of the label SID. Sample: Mandatory Label | |
| sid string | success | The SID in string form. Sample: S-1-16-12288 | |
| type string | success | The type of SID. Sample: Label | |
| login_domain string | success | The name of the domain used to authenticate the owner of the session. Sample: DOMAIN | |
| login_time string | success | The logon time in ISO 8601 format Sample: 2017-11-27T06:24:14.3321665+10:00 | |
| logon_id integer | success | The unique identifier of the logon session. Sample: 20470143 | |
| logon_server string | success | The name of the server used to authenticate the owner of the logon session. Sample: DC01 | |
| logon_type string | success | The logon type that identifies the logon method, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa380129.aspx. Sample: Network | |
| privileges dictionary | success | A dictionary of privileges and their state on the logon token. Sample: {'SeChangeNotifyPrivileges': 'enabled-by-default', 'SeDebugPrivilege': 'enabled', 'SeRemoteShutdownPrivilege': 'disabled'} | |
| rights list / elements=string | success and running user is a member of the local Administrators group | A list of logon rights assigned to the logon. Sample: ['SeNetworkLogonRight', 'SeInteractiveLogonRight', 'SeBatchLogonRight', 'SeRemoteInteractiveLogonRight'] | |
| token_type string | success | The token type to indicate whether it is a primary or impersonation token. Sample: TokenPrimary | |
| upn string | success | The user principal name of the current user. Sample: | |
| user_flags string | success | The user flags for the logon session, see UserFlags in https://msdn.microsoft.com/en-us/library/windows/desktop/aa380128. Sample: Winlogon | |
Authors
- Jordan Borean (@jborean93)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ansible/windows/win_whoami_module.html