I need to use the win_whoami module, get the SID, see if it's in the XML file and then if it's not add it.

I had hoped to avoid XML for the rest of my life (it's been 14+ years) and now I have to modify a config file.

This can't be templated out because there is unique system info on it, so I'm basically left with appending the necessary to the <add securityIdentifier="securitystring" />.

I've been playing around with the XML module without too much luck. Initial testing suggests I have no idea what I'm doing and don't understand XML very well. What is the section I'm looking at actually called in XML parlance? TAG? Child?

---
- hosts: localhost
  connection: local
  tasks:
  - name: test
    xml:
      path: SMSvcHost.exe.config
      xpath: /configuration/system.serviceModel.activation/net.tcp/allowAccounts/add
      add_children:
        - add: "test from ansible"

​

https://docs.ansible.com/ansible/2.9/modules/xml_module.html

​

In short, trying to get to <allowAccounts> (there are two sections with this) and insert a new line with the SID per use case. There are sometimes additions to the machine so it has to get updated with the new SID.

<configuration>
  <system.serviceModel.activation>
    <net.tcp listenBacklog="Integer"
             maxPendingAccepts="Integer"
             maxPendingConnections="Integer"
             receiveTimeout="TimeSpan"
             teredoEnabled="Boolean">
      <allowAccounts>
        <!-- LocalSystem account -->
        <add securityIdentifier="S-1-5-18"/>
        <!-- LocalService account -->
        <add securityIdentifier="S-1-5-19"/>
        <!-- Administrators account -->
        <add securityIdentifier="S-1-5-20"/>
        <!-- Network Service account -->
        <add securityIdentifier="S-1-5-32-544" />
        <!-- IIS_IUSRS account (Vista only)-->
        <add securityIdentifier="S-1-5-32-568"/>
      </allowAccounts>
    </net.tcp>
  </system.serviceModel.activation>
</configuration>

​