The primary reason for not being able to get the SYSTEM token (required for passwordless become on Windows) is your connection user doesn't have the SeDebugPrivilege. This should be assigned to Admins users by default but sometimes custom environment settings remove this privilege. You can use the win_whoami module to check what privileges you account has, or even just 'win_command: whoami /priv'.
On Friday, April 16, 2021 at 12:15:40 AM UTC+10 [email protected] wrote: > We are trying to install patches from Ansible on Windows servers and it > used to work fine well, but recently few changes happened from AD or GPO > which is causing the below error while executing the Windows updates script > from Ansible. > > "Failed to get token for NT AUTHORITY\SYSTEM required for become as a > service account or an account without a password" ---> System.Exception: > Failed to get token for NT AUTHORITY\SYSTEM required for become as a > service account or an account without a password > > "msg": "internal error: failed to become user 'SYSTEM': Exception calling > \"CreateProcessAsUser\" with \"9\" argument(s): \"Failed to get token for > NT AUTHORITY\\SYSTEM required for become as a service account or an account > without a password\" > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/60597a42-2332-407b-9b4f-f9ed84cf0191n%40googlegroups.com.
