Deny rights always override Allow rights in Windows ACLs. If a user is a member of the Administrator group *AND* the Users group the deny you applied on the 2nd win_acl task will cause an access is denied message. I'm pretty sure by default an Admin account is a member of both and that's probably what is tripping you up.
As a side note, it's better not not apply FullControl as a right but use the granular entries to give the user only what they need. That's probably something you can look into once this is all working and you have a better understanding of the whole ACL side. Thanks Jordan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c405932a-3f94-41dd-b2fd-456b40383499%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
