From 0c70de0288208c32279eb6a18efa406472e150f5 Mon Sep 17 00:00:00 2001
From: Simon Baerlocher <s.baerlocher@sbaerlocher.ch>
Date: Thu, 22 Apr 2021 21:24:33 +0200
Subject: [PATCH] add nolog option

---
 CHANGELOG.md                   |  6 ++++++
 tasks/distribution/Windows.yml | 33 +++++++++++++++++----------------
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe89716..2b32f62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,12 @@
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
 and [human-readable changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 1.4.6
+
+### Fixed
+
+- add nolog option
+
 ## 1.4.5
 
 ### Fixed
diff --git a/tasks/distribution/Windows.yml b/tasks/distribution/Windows.yml
index 6f9a396..da8c3dd 100644
--- a/tasks/distribution/Windows.yml
+++ b/tasks/distribution/Windows.yml
@@ -1,18 +1,19 @@
 ---
 # tasks file for arillso.users
 
-- name: 'Windows : check username length'
+- name: "Windows : check username length"
   fail:
-    msg: 'The username can be a maximum of 20 characters long.'
-  when: 'item.username|length>20'
-  with_items: '{{ users }}'
+    msg: "The username can be a maximum of 20 characters long."
+  when: "item.username|length>20"
+  no_log: "{{ true if item.password is defined else false }}"
+  with_items: "{{ users }}"
 
-- name: 'Windows : adding users'
+- name: "Windows : adding users"
   win_user:
-    name: '{{ item.username }}'
-    fullname: '{{ item.name | default(omit) }}'
+    name: "{{ item.username }}"
+    fullname: "{{ item.name | default(omit) }}"
     description: "{{ item.description | default('Windows User') }}"
-    password: '{{ item.password | default(omit) }}'
+    password: "{{ item.password | default(omit) }}"
     groups: "{{ item.groups | default('Benutzer') }}"
     state: "{{ item.state | default('present') }}"
     account_disabled: "{{ item.account_disabled | default('false') }}"
@@ -21,23 +22,23 @@
     password_never_expires: "{{ item.password_never_expires | default('true') }}"
     update_password: "{{ item.update_password | default('on_create') }}"
     password_expired: "{{ item.password_expired | default('false') }}"
-    user_cannot_change_password: '{{ item.user_cannot_change_password | default(false) }}'
-  no_log: '{{ true if item.password is defined else false }}'
-  with_items: '{{ users }}'
+    user_cannot_change_password: "{{ item.user_cannot_change_password | default(false) }}"
+  no_log: "{{ true if item.password is defined else false }}"
+  with_items: "{{ users }}"
 
-- name: 'Windows : hide user accounts from the login screen'
+- name: "Windows : hide user accounts from the login screen"
   win_regedit:
     path: "{{ path }}\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList"
-    name: '{{ item.username }}'
+    name: "{{ item.username }}"
     type: dword
-  with_items: '{{ users }}'
-  no_log: '{{ true if item.password is defined else false }}'
+  with_items: "{{ users }}"
+  no_log: "{{ true if item.password is defined else false }}"
   when: item.hide
   vars:
     path: "HKLM:\\SOFTWARE\\Microsoft\\Windows NT"
 
 # https://superuser.com/questions/182375/always-display-the-last-default-user-windows-7-welcome-screen/182382#182382
-- name: 'Windows : UAC enable'
+- name: "Windows : UAC enable"
   win_regedit:
     path: "{{ path }}\\Windows\\CurrentVersion\\Policies\\CredUI"
     name: EnumerateAdministrators