user_windows
Manages local Windows user accounts via net user and net localgroup.
Parameters
| Parameter | Required | Default | Description |
|---|---|---|---|
| username | Yes | -- | Username. |
| state | Yes | -- | Desired state: present or absent. |
| password | No | -- | User password (for account creation). |
| comment | No | -- | User description/comment field. |
| groups | No | -- | Comma-separated list of local groups to add the user to. |
States
- present -- Ensure the user exists. Creates with net user <name> /add if missing. Checks and updates group memberships.
- absent -- Delete the user with net user <name> /delete.
Idempotency
Checks if the user exists via net user <name>. For existing users, parses the "Local Group Memberships" output to determine which groups need adding. Only creates or modifies when needed.
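The membership check described above, sketched in Python as an added example (not the project's own code). It parses constructed English-locale net user output, compares groups case-insensitively, and also reports memberships the resource does not declare, which goes beyond what the executor is described as doing. The function names and sample output are assumptions.

```python
# Added illustration; function names are hypothetical, not the executor's API.
# Constructed sample of English-locale `net user deploy` output.
SAMPLE = """\
User name                    deploy
Full Name
Comment                      Deploy account
Account active               Yes

Local Group Memberships      *Administrators       *Remote Desktop Users
                             *Users
Global Group memberships     *None
The command completed successfully.
"""

# Field label as printed on English Windows; other display languages localize it.
LABEL = "Local Group Memberships"


def local_groups(net_user_output):
    """Return the group names listed in the Local Group Memberships field."""
    groups, in_field = [], False
    for line in net_user_output.splitlines():
        if line.startswith(LABEL):
            in_field, rest = True, line[len(LABEL):]
        elif in_field and line.startswith(" ") and line.strip():
            rest = line  # continuation row: the label column is blank
        else:
            in_field = False
            continue
        # Each name is prefixed with '*'; names may themselves contain spaces.
        groups.extend(part.strip() for part in rest.split("*")[1:])
    return groups


def plan(desired_csv, net_user_output):
    """Return (groups to add, current groups the resource does not declare)."""
    current = local_groups(net_user_output)
    desired = [g.strip() for g in desired_csv.split(",") if g.strip()]
    have = {g.casefold() for g in current}
    want = {g.casefold() for g in desired}
    to_add = [g for g in desired if g.casefold() not in have]
    undeclared = [g for g in current if g.casefold() not in want]
    return to_add, undeclared


if __name__ == "__main__":
    print(plan("administrators, Remote Desktop Users,Backup Operators", SAMPLE))
```

The second list is useful as a drift report: a privileged group that appears there was granted outside the resource definition.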
Examples
Basic
resources:
  - name: Deploy user
    type: user
    username: deploy
    groups: "Administrators,Remote Desktop Users"
With password
resources:
  - name: Service account
    type: user
    username: svc-myapp
    password: "secret:windows/svc-myapp-password"
    comment: "MyApp service account"
Remove a user
resources:
  - name: Old user
    type: user
    username: old-user
    state: absent
Platform
Windows only. On Linux, type: user maps to the user executor.
Notes
- Uses net user for account creation/deletion and net localgroup for group membership.
- Group membership comparison is case-insensitive.
- When creating a user with a password, the password is passed as a positional argument to net user, so it is part of that command line and will appear wherever process command lines are recorded.