win_security_policy – Change local security policy settings

New in version 2.4.


Synopsis

  • Allows you to set the local security policies that are configured by SecEdit.exe.

Parameters

key (string / required)

  • The ini key of the section or policy name to modify.
  • The module will return an error if this key is invalid.

section (string / required)

  • The ini section the key exists in.
  • If the section does not exist then the module will return an error.
  • Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System'.
  • To edit the Privilege Rights section, use the win_user_right module instead.

value (string / required)

  • The value for the ini key or policy name.
  • If the key takes in a boolean value then 0 = False and 1 = True.



Notes

  • This module uses the SecEdit.exe tool to configure the values. More details of the areas and keys that can be configured can be found at https://msdn.microsoft.com/en-us/library/bb742512.aspx.
  • In a domain environment these policies may be set by a GPO. This module can temporarily change the values, but the GPO will override the change if its value differs.
  • You can also run SecEdit.exe /export /cfg C:\temp\output.ini to view the current policies set on your system.
  • When assigning user rights, use the win_user_right module instead.


See Also

win_user_right – Manage Windows User Rights
The official documentation on the win_user_right module.


Examples

- name: Change the guest account name
  win_security_policy:
    section: System Access
    key: NewGuestName
    value: Guest Account

- name: Set the maximum password age
  win_security_policy:
    section: System Access
    key: MaximumPasswordAge
    value: 15

- name: Do not store passwords using reversible encryption
  win_security_policy:
    section: System Access
    key: ClearTextPassword
    value: 0

- name: Enable system events
  win_security_policy:
    section: Event Audit
    key: AuditSystemEvents
    value: 1
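
An added example (not part of the Ansible documentation): a Python check that parses a SecEdit.exe /export file and reports keys that differ from the values set in the tasks above, which is one way to see whether a GPO has overridden a change. It assumes the export is the UTF-16 ini file SecEdit.exe normally writes; the function names, the BASELINE table and the sample export are constructed for illustration.

```python
import codecs

# Baseline built from the values used in this page's Examples section.
BASELINE = {
    ("System Access", "NewGuestName"): "Guest Account",
    ("System Access", "MaximumPasswordAge"): "15",
    ("System Access", "ClearTextPassword"): "0",
    ("Event Audit", "AuditSystemEvents"): "1",
}

def decode_export(raw: bytes) -> str:
    """Decode an export: UTF-16 with a BOM (assumed default), else UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_export(text: str) -> dict:
    """Return {(section, key): value} from ini text, stripping quotes."""
    policies, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section and "=" in line:
            key, _, value = line.partition("=")
            policies[(section, key.strip())] = value.strip().strip('"')
    return policies

def find_drift(policies: dict, baseline: dict = BASELINE) -> list:
    """List (section, key, expected, actual) for each mismatch or missing key."""
    return [
        (section, key, expected, policies.get((section, key)))
        for (section, key), expected in baseline.items()
        if policies.get((section, key)) != expected
    ]

# Constructed sample export (not captured from a real host).
SAMPLE = (
    "[Unicode]\r\nUnicode=yes\r\n"
    "[System Access]\r\nMaximumPasswordAge = 42\r\nClearTextPassword = 0\r\n"
    'NewGuestName = "Guest Account"\r\n'
    "[Event Audit]\r\nAuditSystemEvents = 1\r\n"
    '[Version]\r\nsignature="$CHICAGO$"\r\nRevision=1\r\n'
).encode("utf-16")

if __name__ == "__main__":
    for section, key, expected, actual in find_drift(parse_export(decode_export(SAMPLE))):
        print(f"DRIFT [{section}] {key}: expected {expected!r}, found {actual!r}")
```

A key that is absent from the export is reported with an actual value of None, so a missing setting is not mistaken for a compliant one.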

Return Values

Common return values are documented here; the following fields are unique to this module:

import_log (string)

  • Returned: secedit.exe /import run and change occurred
  • The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures.
  • Sample: Completed 6 percent (0/15) \tProcess Privilege Rights area.

key (string)

  • Returned: success
  • The key in the section passed to the module to modify.
  • Sample: NewGuestName

rc (integer)

  • Returned: failure with secedit calls
  • The return code after a failure when running SecEdit.exe.
  • Sample: -1

section (string)

  • Returned: success
  • The section passed to the module to modify.
  • Sample: System Access

stderr (string)

  • Returned: failure with secedit calls
  • The output of the STDERR buffer after a failure when running SecEdit.exe.
  • Sample: failed to import security policy

stdout (string)

  • Returned: failure with secedit calls
  • The output of the STDOUT buffer after a failure when running SecEdit.exe.
  • Sample: check log for error details

value (string)

  • Returned: success
  • The value passed to the module to modify to.
  • Sample: Guest Account




Status

Authors

  • Jordan Borean (@jborean93)


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/win_security_policy_module.html