Try SpotterUsed to make changes to the system wide Audit Policy
Authors: Noah Sparks (@nwsparks)
Install with ansible-galaxy collection install community.windows:==2.2.0
collections:
- name: community.windows
version: 2.2.0Used to make changes to the system wide Audit Policy.
- name: Enable failure auditing for the subcategory "File System"
community.windows.win_audit_policy_system:
subcategory: File System
audit_type: failure
- name: Enable all auditing types for the category "Account logon events"
community.windows.win_audit_policy_system:
category: Account logon events
audit_type: success, failure
- name: Disable auditing for the subcategory "File System"
community.windows.win_audit_policy_system:
subcategory: File System
audit_type: none
category:
description:
- Single string value for the category you would like to adjust the policy on.
- Cannot be used with I(subcategory). You must define one or the other.
- Changing this setting causes all subcategories to be adjusted to the defined I(audit_type).
type: str
audit_type:
choices:
- failure
- none
- success
description:
- The type of event you would like to audit for.
- Accepts a list. See examples.
elements: str
required: true
type: list
subcategory:
description:
- Single string value for the subcategory you would like to adjust the policy on.
- Cannot be used with I(category). You must define one or the other.
type: str
current_audit_policy:
description: details on the policy being targetted
returned: always
sample: "{\n \"File Share\":\"failure\"\n}"
type: dict