win_security_policy - Change local security policy settings¶
New in version 2.4.
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
key
required |
The ini key of the section or policy name to modify.
The module will return an error if this key is invalid.
|
|
|
section
required |
The ini section the key exists in.
If the section does not exist then the module will return an error.
Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System'
If wanting to edit the
Privilege Rights section, use the win_user_right module instead. |
|
|
value
required |
The value for the ini key or policy name.
If the key takes in a boolean value then 0 = False and 1 = True.
|
Notes¶
Note
- This module uses the SecEdit.exe tool to configure the values, more details of the areas and keys that can be configured can be found here https://msdn.microsoft.com/en-us/library/bb742512.aspx.
- If you are in a domain environment these policies may be set by a GPO policy, this module can temporarily change these values but the GPO will override it if the value differs.
- You can also run
SecEdit.exe /export /cfg C:\temp\output.inito view the current policies set on your system. - When assigning user rights, use the win_user_right module instead.
Examples¶
- name: change the guest account name
win_security_policy:
section: System Access
key: NewGuestName
value: Guest Account
- name: set the maximum password age
win_security_policy:
section: System Access
key: MaximumPasswordAge
value: 15
- name: do not store passwords using reversible encryption
win_security_policy:
section: System Access
key: ClearTextPassword
value: 0
- name: enable system events
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 1
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
import_log
string
|
secedit.exe /import run and change occurred |
The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures.
Sample:
Completed 6 percent (0/15) \tProcess Privilege Rights area.
|
|
key
string
|
success |
The key in the section passed to the module to modify.
Sample:
NewGuestName
|
|
rc
int
|
failure with secedit calls |
The return code after a failure when running SecEdit.exe.
Sample:
-1
|
|
section
string
|
success |
The section passed to the module to modify.
Sample:
System Access
|
|
stderr
string
|
failure with secedit calls |
The output of the STDERR buffer after a failure when running SecEdit.exe.
Sample:
failed to import security policy
|
|
stdout
string
|
failure with secedit calls |
The output of the STDOUT buffer after a failure when running SecEdit.exe.
Sample:
check log for error details
|
|
value
string
|
success |
The value passed to the module to modify to.
Sample:
Guest Account
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance¶
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author¶
- Jordan Borean (@jborean93)
Hint
If you notice any issues in this documentation you can edit this document to improve it.