ansible.windows.win_whoami – Get information about the current user and process
Note
This plugin is part of the ansible.windows collection (version 1.7.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ansible.windows.
To use it in a playbook, specify: ansible.windows.win_whoami.
Synopsis
- Designed to return the same information as the
whoami /allcommand. - Also includes information missing from
whoamisuch as logon metadata like logon rights, id, type.
Notes
Note
- If running this module with a non admin user, the logon rights will be an empty list as Administrator rights are required to query LSA for the information.
See Also
See also
- community.windows.win_credential
-
The official documentation on the community.windows.win_credential module.
- ansible.windows.win_group_membership
-
The official documentation on the ansible.windows.win_group_membership module.
- ansible.windows.win_user_right
-
The official documentation on the ansible.windows.win_user_right module.
Examples
- name: Get whoami information
ansible.windows.win_whoami:
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
| account
complex
|
success |
The running account SID details.
|
|
| account_name
string
|
success |
The account name of the account SID.
Sample:
Administrator
|
|
| domain_name
string
|
success |
The domain name of the account SID.
Sample:
DOMAIN
|
|
| sid
string
|
success |
The SID in string form.
Sample:
S-1-5-21-1654078763-769949647-2968445802-500
|
|
| type
string
|
success |
The type of SID.
Sample:
User
|
|
| authentication_package
string
|
success |
The name of the authentication package used to authenticate the user in the session.
Sample:
Negotiate
|
|
| dns_domain_name
string
|
success |
The DNS name of the logon session, this is an empty string if this is not set.
Sample:
DOMAIN.COM
|
|
| groups
list / elements=string
|
success |
A list of groups and attributes that the user is a member of.
Sample:
[{'account_name': 'Domain Users', 'attributes': ['Mandatory', 'Enabled by default', 'Enabled'], 'domain_name': 'DOMAIN', 'sid': 'S-1-5-21-1654078763-769949647-2968445802-513', 'type': 'Group'}, {'account_name': 'Administrators', 'attributes': ['Mandatory', 'Enabled by default', 'Enabled', 'Owner'], 'domain_name': 'BUILTIN', 'sid': 'S-1-5-32-544', 'type': 'Alias'}]
|
|
| impersonation_level
string
|
success |
The impersonation level of the token, only valid if token_type is TokenImpersonation, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379572.aspx.
Sample:
SecurityAnonymous
|
|
| label
complex
|
success |
The mandatory label set to the logon session.
|
|
| account_name
string
|
success |
The account name of the label SID.
Sample:
High Mandatory Level
|
|
| domain_name
string
|
success |
The domain name of the label SID.
Sample:
Mandatory Label
|
|
| sid
string
|
success |
The SID in string form.
Sample:
S-1-16-12288
|
|
| type
string
|
success |
The type of SID.
Sample:
Label
|
|
| login_domain
string
|
success |
The name of the domain used to authenticate the owner of the session.
Sample:
DOMAIN
|
|
| login_time
string
|
success |
The logon time in ISO 8601 format
Sample:
2017-11-27T06:24:14.3321665+10:00
|
|
| logon_id
integer
|
success |
The unique identifier of the logon session.
Sample:
20470143
|
|
| logon_server
string
|
success |
The name of the server used to authenticate the owner of the logon session.
Sample:
DC01
|
|
| logon_type
string
|
success |
The logon type that identifies the logon method, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa380129.aspx.
Sample:
Network
|
|
| privileges
dictionary
|
success |
A dictionary of privileges and their state on the logon token.
Sample:
{'SeChangeNotifyPrivileges': 'enabled-by-default', 'SeDebugPrivilege': 'enabled', 'SeRemoteShutdownPrivilege': 'disabled'}
|
|
| rights
list / elements=string
|
success and running user is a member of the local Administrators group |
A list of logon rights assigned to the logon.
Sample:
['SeNetworkLogonRight', 'SeInteractiveLogonRight', 'SeBatchLogonRight', 'SeRemoteInteractiveLogonRight']
|
|
| token_type
string
|
success |
The token type to indicate whether it is a primary or impersonation token.
Sample:
TokenPrimary
|
|
| upn
string
|
success |
The user principal name of the current user.
Sample:
Administrator@DOMAIN.COM
|
|
| user_flags
string
|
success |
The user flags for the logon session, see UserFlags in https://msdn.microsoft.com/en-us/library/windows/desktop/aa380128.
Sample:
Winlogon
|
|
Authors
- Jordan Borean (@jborean93)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_whoami_module.html