community.windows.win_security_policy module – Change local security policy settings
Note
This module is part of the community.windows collection (version 1.10.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.windows
.
To use it in a playbook, specify: community.windows.win_security_policy
.
Parameters
Parameter |
Comments |
---|---|
The ini key of the section or policy name to modify. The module will return an error if this key is invalid. |
|
The ini section the key exists in. If the section does not exist then the module will return an error. Example sections to use are ‘Account Policies’, ‘Local Policies’, ‘Event Log’, ‘Restricted Groups’, ‘System Services’, ‘Registry’ and ‘File System’ If wanting to edit the |
|
The value for the ini key or policy name. If the key takes in a boolean value then 0 = False and 1 = True. |
Notes
Note
This module uses the SecEdit.exe tool to configure the values, more details of the areas and keys that can be configured can be found here https://msdn.microsoft.com/en-us/library/bb742512.aspx.
If you are in a domain environment these policies may be set by a GPO policy, this module can temporarily change these values but the GPO will override it if the value differs.
You can also run
SecEdit.exe /export /cfg C:\temp\output.ini
to view the current policies set on your system.When assigning user rights, use the ansible.windows.win_user_right module instead.
See Also
See also
- ansible.windows.win_user_right
The official documentation on the ansible.windows.win_user_right module.
Examples
- name: Change the guest account name
community.windows.win_security_policy:
section: System Access
key: NewGuestName
value: Guest Account
- name: Set the maximum password age
community.windows.win_security_policy:
section: System Access
key: MaximumPasswordAge
value: 15
- name: Do not store passwords using reversible encryption
community.windows.win_security_policy:
section: System Access
key: ClearTextPassword
value: 0
- name: Enable system events
community.windows.win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 1
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures. Returned: secedit.exe /import run and change occurred Sample: “Completed 6 percent (0/15) \\tProcess Privilege Rights area.” |
|
The key in the section passed to the module to modify. Returned: success Sample: “NewGuestName” |
|
The return code after a failure when running SecEdit.exe. Returned: failure with secedit calls Sample: -1 |
|
The section passed to the module to modify. Returned: success Sample: “System Access” |
|
The output of the STDERR buffer after a failure when running SecEdit.exe. Returned: failure with secedit calls Sample: “failed to import security policy” |
|
The output of the STDOUT buffer after a failure when running SecEdit.exe. Returned: failure with secedit calls Sample: “check log for error details” |
|
The value passed to the module to modify to. Returned: success Sample: “Guest Account” |
Authors
Jordan Borean (@jborean93)