win_security_policy – Change local security policy settings¶
New in version 2.4.
- This module uses the SecEdit.exe tool to configure the values, more details of the areas and keys that can be configured can be found here https://msdn.microsoft.com/en-us/library/bb742512.aspx.
- If you are in a domain environment these policies may be set by a GPO policy, this module can temporarily change these values but the GPO will override it if the value differs.
- You can also run
SecEdit.exe /export /cfg C:\temp\output.inito view the current policies set on your system.
- When assigning user rights, use the win_user_right module instead.
- win_user_right – Manage Windows User Rights
- The official documentation on the win_user_right module.
- name: Change the guest account name win_security_policy: section: System Access key: NewGuestName value: Guest Account - name: Set the maximum password age win_security_policy: section: System Access key: MaximumPasswordAge value: 15 - name: Do not store passwords using reversible encryption win_security_policy: section: System Access key: ClearTextPassword value: 0 - name: Enable system events win_security_policy: section: Event Audit key: AuditSystemEvents value: 1
Common return values are documented here, the following are the fields unique to this module: