ansible.builtin.win_audit_policy_system (v2.7.18) — module

Used to make changes to the system wide Audit Policy

Added in version 2.5 of ansible.builtin

Authors: Noah Sparks (@nwsparks)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.7.18

Description

Used to make changes to the system wide Audit Policy.

It is recommended to take a backup of the policies before adjusting them for the first time.

See https://technet.microsoft.com/en-us/library/cc766468.aspx for in-depth information.

Usage examples

- name: enable failure auditing for the subcategory "File System"
  win_audit_policy_system:
    subcategory: File System
    audit_type: failure
- name: enable all auditing types for the category "Account logon events"
  win_audit_policy_system:
    category: Account logon events
    audit_type: success, failure
- name: disable auditing for the subcategory "File System"
  win_audit_policy_system:
    subcategory: File System
    audit_type: none
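
The backup recommended in the description, followed by a policy change, as an added example that is not part of the module documentation. The inventory group `windows` and the paths under `C:\AuditBackup` are assumptions; the backup itself uses the Windows built-in `auditpol.exe /backup`.

```yaml
# Added example, not from the module documentation.
# Assumptions: inventory group "windows" and the C:\AuditBackup paths.
- name: Back up the audit policy, then enable File System failure auditing
  hosts: windows                      # assumed inventory group
  gather_facts: false
  vars:
    audit_backup_dir: C:\AuditBackup  # assumed path, no spaces
    audit_backup_file: C:\AuditBackup\auditpol-original.csv
  tasks:
    - name: Ensure the backup directory exists
      win_file:
        path: "{{ audit_backup_dir }}"
        state: directory

    # "creates" skips this task once the file exists, so the original
    # (pre-change) policy is never overwritten by a later run.
    - name: Back up the current audit policy before the first change
      win_command: auditpol.exe /backup /file:{{ audit_backup_file }}
      args:
        creates: "{{ audit_backup_file }}"

    - name: Enable failure auditing for the subcategory "File System"
      win_audit_policy_system:
        subcategory: File System
        audit_type: failure
      register: audit_result

    # current_audit_policy is always returned; print it so the run log
    # records the policy state the module reports for the target.
    - name: Show the policy reported by the module
      debug:
        var: audit_result.current_audit_policy
```

The saved file can be applied again with `auditpol.exe /restore /file:<path>` if the change needs to be rolled back.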

Inputs

    
category:
    description:
    - Single string value for the category you would like to adjust the policy on.
    - Cannot be used with I(subcategory). You must define one or the other.
    - Changing this setting causes all subcategories to be adjusted to the defined I(audit_type).

audit_type:
    choices:
    - failure
    - none
    - success
    description:
    - The type of event you would like to audit for.
    - Accepts a list. See examples.
    required: true
    type: list

subcategory:
    description:
    - Single string value for the subcategory you would like to adjust the policy on.
    - Cannot be used with I(category). You must define one or the other.

Outputs

current_audit_policy:
  description: details on the policy being targeted
  returned: always
  sample: "{\n  \"File Share\":\"failure\"\n}"
  type: dictionary