win_security_policy - changes local security policy settings
New in version 2.4.
Synopsis
- Allows you to set the local security policies that are configured by SecEdit.exe.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
key required | The ini key of the section or policy name to modify. The module will return an error if this key is invalid. | |
section required | The ini section the key exists in. If the section does not exist then the module will return an error. Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System' | |
value required | The value for the ini key or policy name. If the key takes in a boolean value then 0 = False and 1 = True. |
Notes
Note
- This module uses the SecEdit.exe tool to configure the values, more details of the areas and keys that can be configured can be found here https://msdn.microsoft.com/en-us/library/bb742512.aspx.
- If you are in a domain environment these policies may be set by a GPO policy, this module can temporarily change these values but the GPO will override it if the value differs.
- You can also run
SecEdit.exe /export /cfg C:\temp\output.ini
to view the current policies set on your system. - When assigning user rights, use the win_user_right module instead.
Examples
- name: change the guest account name win_security_policy: section: System Access key: NewGuestName value: Guest Account - name: set the maximum password age win_security_policy: section: System Access key: MaximumPasswordAge value: 15 - name: do not store passwords using reversible encryption win_security_policy: section: System Access key: ClearTextPassword value: 0 - name: enable system events win_security_policy: section: Event Audit key: AuditSystemEvents value: 1
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
import_log string | secedit.exe /import run and change occurred | The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures. Sample: Completed 6 percent (0/15) \tProcess Privilege Rights area. |
key string | success | The key in the section passed to the module to modify. Sample: NewGuestName |
rc int | failure with secedit calls | The return code after a failure when running SecEdit.exe. Sample: -1 |
section string | success | The section passed to the module to modify. Sample: System Access |
stderr string | failure with secedit calls | The output of the STDERR buffer after a failure when running SecEdit.exe. Sample: failed to import security policy |
stdout string | failure with secedit calls | The output of the STDOUT buffer after a failure when running SecEdit.exe. Sample: check log for error details |
value string | success | The value passed to the module to modify to. Sample: Guest Account |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Jordan Borean (@jborean93)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/win_security_policy_module.html