first commit

windows_find-all-adminprocesses.yml

@@ -0,0 +1,30 @@
+---
+- name: run automation for windows
+  gather_facts: no
+  hosts: all
+  become_method: runas
+  tasks:
+    - name: Domain Administrator Inspection via PowerShell
+      ansible.windows.win_powershell:
+        script: |
+          Get-WmiObject win32_service | Where-Object {
+            $_.StartName -Match "Administrator"
+          } | Select-Object SystemName,Name,StartName,State
+          Get-WmiObject win32_process | Where-Object {
+            $_.GetOwner().User -Match "Administrator" -And`
+            $_.ProcessName -NotMatch "cmd.exe|powershell.exe|winrshost.exe|conhost.exe"
+          } | Select-Object CSName,ProcessName,@{Name="User"; Expression={ $_.GetOwner().User }}
+          Get-ScheduledTask | Where-Object {
+            $_.Principal.UserId -Match "Administrator" -And`
+            $_.Principal.LogonType -Eq "Password"
+          } | Select-Object TaskName,State,TaskPath,@{Name="User"; Expression={ $_.Principal.UserId }}
+      register: script_return
+    - name: Output
+      debug:
+        msg: "{{ script_return.output }}"
+      when: script_return.output
+
+    
+
+
+