Try SpotterGet information about the current user and process
| "added in version" 2.5 of ansible.builtin"
Authors: Jordan Borean (@jborean93)
preview | supported by community
pipInstall with pip install ansible==2.9.27
Designed to return the same information as the C(whoami /all) command.
Also includes information missing from C(whoami) such as logon metadata like logon rights, id, type.
- name: Get whoami information win_whoami:
account:
contains:
account_name:
description: The account name of the account SID.
returned: success
sample: Administrator
type: str
domain_name:
description: The domain name of the account SID.
returned: success
sample: DOMAIN
type: str
sid:
description: The SID in string form.
returned: success
sample: S-1-5-21-1654078763-769949647-2968445802-500
type: str
type:
description: The type of SID.
returned: success
sample: User
type: str
description: The running account SID details.
returned: success
type: complex
authentication_package:
description: The name of the authentication package used to authenticate the user
in the session.
returned: success
sample: Negotiate
type: str
dns_domain_name:
description: The DNS name of the logon session, this is an empty string if this
is not set.
returned: success
sample: DOMAIN.COM
type: str
groups:
description: A list of groups and attributes that the user is a member of.
returned: success
sample:
- account_name: Domain Users
attributes:
- Mandatory
- Enabled by default
- Enabled
domain_name: DOMAIN
sid: S-1-5-21-1654078763-769949647-2968445802-513
type: Group
- account_name: Administrators
attributes:
- Mandatory
- Enabled by default
- Enabled
- Owner
domain_name: BUILTIN
sid: S-1-5-32-544
type: Alias
type: list
impersonation_level:
description: The impersonation level of the token, only valid if C(token_type) is
C(TokenImpersonation), see U(https://msdn.microsoft.com/en-us/library/windows/desktop/aa379572.aspx).
returned: success
sample: SecurityAnonymous
type: str
label:
contains:
account_name:
description: The account name of the label SID.
returned: success
sample: High Mandatory Level
type: str
domain_name:
description: The domain name of the label SID.
returned: success
sample: Mandatory Label
type: str
sid:
description: The SID in string form.
returned: success
sample: S-1-16-12288
type: str
type:
description: The type of SID.
returned: success
sample: Label
type: str
description: The mandatory label set to the logon session.
returned: success
type: complex
login_domain:
description: The name of the domain used to authenticate the owner of the session.
returned: success
sample: DOMAIN
type: str
login_time:
description: The logon time in ISO 8601 format
returned: success
sample: '2017-11-27T06:24:14.3321665+10:00'
type: str
logon_id:
description: The unique identifier of the logon session.
returned: success
sample: 20470143
type: int
logon_server:
description: The name of the server used to authenticate the owner of the logon
session.
returned: success
sample: DC01
type: str
logon_type:
description: The logon type that identifies the logon method, see U(https://msdn.microsoft.com/en-us/library/windows/desktop/aa380129.aspx).
returned: success
sample: Network
type: str
privileges:
description: A dictionary of privileges and their state on the logon token.
returned: success
sample:
SeChangeNotifyPrivileges: enabled-by-default
SeDebugPrivilege: enabled
SeRemoteShutdownPrivilege: disabled
type: dict
rights:
description: A list of logon rights assigned to the logon.
returned: success and running user is a member of the local Administrators group
sample:
- SeNetworkLogonRight
- SeInteractiveLogonRight
- SeBatchLogonRight
- SeRemoteInteractiveLogonRight
type: list
token_type:
description: The token type to indicate whether it is a primary or impersonation
token.
returned: success
sample: TokenPrimary
type: str
upn:
description: The user principal name of the current user.
returned: success
sample: Administrator@DOMAIN.COM
type: str
user_flags:
description: The user flags for the logon session, see UserFlags in U(https://msdn.microsoft.com/en-us/library/windows/desktop/aa380128).
returned: success
sample: Winlogon
type: str