win_audit_policy_system – Used to make changes to the system wide Audit Policy¶
New in version 2.5.
Synopsis¶
Used to make changes to the system wide Audit Policy.
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
audit_type
list
/ required
|
|
The type of event you would like to audit for.
Accepts a list. See examples.
|
|
category
string
|
Single string value for the category you would like to adjust the policy on.
Cannot be used with subcategory. You must define one or the other.
Changing this setting causes all subcategories to be adjusted to the defined audit_type.
|
|
|
subcategory
string
|
Single string value for the subcategory you would like to adjust the policy on.
Cannot be used with category. You must define one or the other.
|
Notes¶
Note
It is recommended to take a backup of the policies before adjusting them for the first time.
See this page for in depth information https://technet.microsoft.com/en-us/library/cc766468.aspx.
See Also¶
See also
- win_audit_rule – Adds an audit rule to files, folders, or registry keys
The official documentation on the win_audit_rule module.
Examples¶
- name: Enable failure auditing for the subcategory "File System"
win_audit_policy_system:
subcategory: File System
audit_type: failure
- name: Enable all auditing types for the category "Account logon events"
win_audit_policy_system:
category: Account logon events
audit_type: success, failure
- name: Disable auditing for the subcategory "File System"
win_audit_policy_system:
subcategory: File System
audit_type: none
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
current_audit_policy
dictionary
|
always |
details on the policy being targetted
Sample:
{
"File Share":"failure"
}
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]