community.windows.win_audit_policy_system module – Used to make changes to the system wide Audit Policy

Note

This module is part of the community.windows collection (version 1.11.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.windows.

To use it in a playbook, specify: community.windows.win_audit_policy_system.

Synopsis

  • Used to make changes to the system wide Audit Policy.

Parameters

Parameter

Comments

audit_type

list / elements=string / required

The type of event you would like to audit for.

Accepts a list. See examples.

Choices:

  • "failure"

  • "none"

  • "success"

category

string

Single string value for the category you would like to adjust the policy on.

Cannot be used with subcategory. You must define one or the other.

Changing this setting causes all subcategories to be adjusted to the defined audit_type.

subcategory

string

Single string value for the subcategory you would like to adjust the policy on.

Cannot be used with category. You must define one or the other.

Notes

Note

See Also

See also

community.windows.win_audit_rule

Adds an audit rule to files, folders, or registry keys.

Examples

- name: Enable failure auditing for the subcategory "File System"
  community.windows.win_audit_policy_system:
    subcategory: File System
    audit_type: failure

- name: Enable all auditing types for the category "Account logon events"
  community.windows.win_audit_policy_system:
    category: Account logon events
    audit_type: success, failure

- name: Disable auditing for the subcategory "File System"
  community.windows.win_audit_policy_system:
    subcategory: File System
    audit_type: none

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

current_audit_policy

dictionary

details on the policy being targetted

Returned: always

Sample: {"File Share": "failure"}

Authors

  • Noah Sparks (@nwsparks)