Note
This plugin is part of the community.windows collection (version 1.7.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_audit_rule.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| audit_flags list / elements=string / required |
| Defines whether to log on failure, success, or both. To log both define as comma separated list "Success, Failure". |
| inheritance_flags list / elements=string |
"ContainerInherit,ObjectInherit" | Defines what objects inside of a folder or registry key will inherit the settings. If you are setting a rule on a file, this value has to be changed to none.For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. |
| path path / required | Path to the file, folder, or registry key. Registry paths should be in Powershell format, beginning with an abbreviation for the root such as, HKLM:\Software.aliases: dest, destination | |
| propagation_flags string |
| Propagation flag on the audit rules. This value is ignored when the path type is a file. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
| rights list / elements=string / required | Comma separated list of the rights desired. Only required for adding a rule. If path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx. If path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. | |
| state string |
| Whether the rule should be present or absent.For absent, only path, user, and state are required. Specifying absent will remove all rules matching the defined user. |
| user string / required | The user or group to adjust rules for. |
See also
The official documentation on the community.windows.win_audit_policy_system module.
- name: Add filesystem audit rule for a folder
community.windows.win_audit_rule:
path: C:\inetpub\wwwroot\website
user: BUILTIN\Users
rights: write,delete,changepermissions
audit_flags: success,failure
inheritance_flags: ContainerInherit,ObjectInherit
- name: Add filesystem audit rule for a file
community.windows.win_audit_rule:
path: C:\inetpub\wwwroot\website\web.config
user: BUILTIN\Users
rights: write,delete,changepermissions
audit_flags: success,failure
inheritance_flags: None
- name: Add registry audit rule
community.windows.win_audit_rule:
path: HKLM:\software
user: BUILTIN\Users
rights: delete
audit_flags: 'success'
- name: Remove filesystem audit rule
community.windows.win_audit_rule:
path: C:\inetpub\wwwroot\website
user: BUILTIN\Users
state: absent
- name: Remove registry audit rule
community.windows.win_audit_rule:
path: HKLM:\software
user: BUILTIN\Users
state: absent
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| current_audit_rules dictionary | always | The current rules on the defined path
Will return "No audit rules defined on path" Sample: { "audit_flags": "Success", "user": "Everyone", "inheritance_flags": "False", "is_inherited": "False", "propagation_flags": "None", "rights": "Delete" } |
| path_type string | always | The type of path being targetted. Will be one of file, directory, registry. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/windows/win_audit_rule_module.html