From f27748feddabc59f7de7c7206d22ea45bdfece3a Mon Sep 17 00:00:00 2001
From: Price Hiller <price@orion-technologies.io>
Date: Sun, 18 Sep 2022 22:41:46 -0500
Subject: [PATCH] finished demo

---
 roles/win-initial-setup/tasks/main.yml | 32 +++++++++++++++++++++++---
 tasks/set-windows-features.yml         |  4 ++--
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/roles/win-initial-setup/tasks/main.yml b/roles/win-initial-setup/tasks/main.yml
index 8c65f22..b2a3f8b 100644
--- a/roles/win-initial-setup/tasks/main.yml
+++ b/roles/win-initial-setup/tasks/main.yml
@@ -12,15 +12,15 @@
       ASPNETCORE_ENVIRONMENT: "{{ devops_env }}"
       DOTNET_ENVIRONMENT: "{{ devops_env }}"
 
-- name: Install Framework 4.8
+- name: Ensure Framework 4.8 is Installed
   ansible.builtin.import_tasks: install-dotnet-framework.yml
 
-- name: Install Latest Microsoft Edge
+- name: Ensure Latest Microsoft Edge is Installed
   chocolatey.chocolatey.win_chocolatey:
     name: microsoft-edge
     state: latest
 
-- name: Create IIS Log Retention Task
+- name: Ensure IIS Log Retention Task Exists
   community.windows.win_scheduled_task:
     state: present
     enabled: true
@@ -78,3 +78,29 @@
     members:
       - svc-rmagent
     state: present
+
+- name: Ensure DL_ISG_WEB Group Exists
+  ansible.windows.win_group:
+    name: DL_ISG_WEB
+    state: present
+
+- name: Ensure ISG Team & Admin Have Proper Log Permissions
+  ansible.windows.win_acl:
+    path: "{{ item.path }}"
+    user: "{{ item.user }}"
+    type: allow
+    rights: "{{ item.rights }}"
+    state: present
+  loop:
+    - user: DL_ISG_WEB
+      path: C:\IISLogs
+      rights: Read
+    - user: DL_ISG_WEB
+      path: C:\Logs
+      rights: Read
+    - user: Administrators
+      path: C:\IISLogs
+      rights: FullControl
+    - user: Administrators
+      path: C:\Logs
+      rights: FullControl
diff --git a/tasks/set-windows-features.yml b/tasks/set-windows-features.yml
index 5f2683c..b1bb084 100644
--- a/tasks/set-windows-features.yml
+++ b/tasks/set-windows-features.yml
@@ -1,12 +1,12 @@
 ---
-- name: Install Desired Windows Features
+- name: Ensure Desired Windows Features Are Installed
   ansible.windows.win_feature:
     name: "{{ desired_features }}"
     state: present
     include_management_tools: true
   register: installed_features
 
-- name: Remove Undesired Windows Features
+- name: Ensure Undesired Windows Features Are Removed
   ansible.windows.win_feature:
     name: "{{ undesired_features }}"
     state: absent