community.windows.win_security_policy (2.2.0) — module

Change local security policy settings

Authors: Jordan Borean (@jborean93)

Install collection

Install with:

  ansible-galaxy collection install community.windows:==2.2.0


Add to requirements.yml

  collections:
    - name: community.windows
      version: 2.2.0

Description

Allows you to set the local security policies that are configured by SecEdit.exe.

Usage examples

- name: Change the guest account name
  community.windows.win_security_policy:
    section: System Access
    key: NewGuestName
    value: Guest Account
- name: Set the maximum password age
  community.windows.win_security_policy:
    section: System Access
    key: MaximumPasswordAge
    value: 15
- name: Do not store passwords using reversible encryption
  community.windows.win_security_policy:
    section: System Access
    key: ClearTextPassword
    value: 0
- name: Enable system events
  community.windows.win_security_policy:
    section: Event Audit
    key: AuditSystemEvents
    value: 1

Inputs

    
key:
    description:
    - The ini key of the section or policy name to modify.
    - The module will return an error if this key is invalid.
    required: true
    type: str

value:
    description:
    - The value for the ini key or policy name.
    - If the key takes in a boolean value then 0 = False and 1 = True.
    required: true
    type: str

section:
    description:
    - The ini section the key exists in.
    - If the section does not exist then the module will return an error.
    - Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted
      Groups', 'System Services', 'Registry' and 'File System'.
    - To edit the 'Privilege Rights' section, use the ansible.windows.win_user_right
      module instead.
    required: true
    type: str

Outputs

import_log:
  description: The log of the SecEdit.exe /configure job that configured the local
    policies. This is used for debugging purposes on failures.
  returned: secedit.exe /import run and change occurred
  sample: Completed 6 percent (0/15) \tProcess Privilege Rights area.
  type: str
key:
  description: The key in the section passed to the module to modify.
  returned: success
  sample: NewGuestName
  type: str
rc:
  description: The return code after a failure when running SecEdit.exe.
  returned: failure with secedit calls
  sample: -1
  type: int
section:
  description: The section passed to the module to modify.
  returned: success
  sample: System Access
  type: str
stderr:
  description: The output of the STDERR buffer after a failure when running SecEdit.exe.
  returned: failure with secedit calls
  sample: failed to import security policy
  type: str
stdout:
  description: The output of the STDOUT buffer after a failure when running SecEdit.exe.
  returned: failure with secedit calls
  sample: check log for error details
  type: str
value:
  description: The value passed to the module that the key is modified to.
  returned: success
  sample: Guest Account
  type: str
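
The playbook below is an added example, not part of the module's own documentation. It applies three of the values from the usage examples above in one loop and, if a SecEdit.exe call fails, prints the documented rc, stdout, stderr and import_log outputs before failing the play. The `windows` host group and the variable names `policy_baseline` and `policy_result` are assumptions.

```yaml
- name: Apply a small local security policy baseline
  hosts: windows                     # assumed inventory group
  gather_facts: false
  vars:
    # Section/key/value triples taken from the usage examples on this page.
    policy_baseline:
      - { section: System Access, key: MaximumPasswordAge, value: 15 }
      - { section: System Access, key: ClearTextPassword, value: 0 }
      - { section: Event Audit, key: AuditSystemEvents, value: 1 }
  tasks:
    - name: Set policies and surface SecEdit diagnostics on failure
      block:
        - name: Set each policy key
          community.windows.win_security_policy:
            section: "{{ item.section }}"
            key: "{{ item.key }}"
            value: "{{ item.value }}"
          loop: "{{ policy_baseline }}"
          loop_control:
            label: "{{ item.section }}/{{ item.key }}"
          register: policy_result    # still registered when an item fails

      rescue:
        # Only failed loop items carry rc/stdout/stderr, hence the defaults.
        - name: Show the outputs of each failed SecEdit.exe call
          ansible.builtin.debug:
            msg:
              section: "{{ item.item.section }}"
              key: "{{ item.item.key }}"
              rc: "{{ item.rc | default('n/a') }}"
              stdout: "{{ item.stdout | default('') }}"
              stderr: "{{ item.stderr | default('') }}"
              import_log: "{{ item.import_log | default('') }}"
          loop: >-
            {{ policy_result.results
               | selectattr('failed', 'defined')
               | selectattr('failed')
               | list }}
          loop_control:
            label: "{{ item.item.key }}"

        # Re-fail so a partially applied baseline is not reported as success.
        - name: Stop the play
          ansible.builtin.fail:
            msg: Local security policy baseline was not fully applied.
```

Because an invalid key or section makes the module return an error, a typo in `policy_baseline` lands in the rescue section instead of being silently skipped.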

See also