---

- name: download script
  raw: '(New-Object -TypeName System.Net.WebClient).DownloadFile("{{ powershell_script_url }}", "{{ powershell_upgrade_script_file }}")'
  changed_when: False
  check_mode: no
  register: download_script

- name: set execution policy
  raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
  changed_when: False
  check_mode: no
  ignore_errors: yes

- name: delete scheduled task if it exists
  raw: 'SCHTASKS /Delete /TN upgrade'
  args:
    executable: cmd.exe
  changed_when: False
  check_mode: no
  ignore_errors: yes

- name: create a scheduled task to run powershell script
  raw: >
    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN upgrade /TR "powershell.exe -Command
    '& {{ powershell_upgrade_script_file }} -Version {{ powershell_target_version }}
    -Username {{ ansible_user }} -Password {{ ansible_password }}'"
  args:
    executable: cmd.exe
  changed_when: False
  check_mode: no

- name: run scheduled task
  raw: 'SCHTASKS /Run /TN upgrade'
  args:
    executable: cmd.exe
  changed_when: False
  check_mode: no

- name: wait for system to reboot after upgrade
  wait_for_connection:
    delay: 300
    sleep: 30
    timeout: 300

- name: delete scheduled task
  win_scheduled_task:
    name: upgrade
    state: absent

- name: delete script
  win_file:
    path: "{{ powershell_upgrade_script_file }}"
    state: absent

- name: ensure auto login is disabled
  win_regedit:
    path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    name: AutoAdminLogon
    data: 0
    type: string

- name: ensure auto login creds are removed
  win_regedit:
    path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    name: "{{ item }}"
    state: absent
  loop:
    - DefaultUserName
    - DefaultPassword