Note
This plugin is part of the community.windows collection (version 1.7.0).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.windows
.
To use it in a playbook, specify: community.windows.win_security_policy
.
Parameter | Choices/Defaults | Comments |
---|---|---|
key string / required | The ini key of the section or policy name to modify. The module will return an error if this key is invalid. | |
section string / required | The ini section the key exists in. If the section does not exist then the module will return an error. Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System' If wanting to edit the Privilege Rights section, use the ansible.windows.win_user_right module instead. | |
value string / required | The value for the ini key or policy name. If the key takes in a boolean value then 0 = False and 1 = True. |
Note
SecEdit.exe /export /cfg C:\temp\output.ini
to view the current policies set on your system.See also
The official documentation on the ansible.windows.win_user_right module.
- name: Change the guest account name community.windows.win_security_policy: section: System Access key: NewGuestName value: Guest Account - name: Set the maximum password age community.windows.win_security_policy: section: System Access key: MaximumPasswordAge value: 15 - name: Do not store passwords using reversible encryption community.windows.win_security_policy: section: System Access key: ClearTextPassword value: 0 - name: Enable system events community.windows.win_security_policy: section: Event Audit key: AuditSystemEvents value: 1
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
import_log string | secedit.exe /import run and change occurred | The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures. Sample: Completed 6 percent (0/15) \tProcess Privilege Rights area. |
key string | success | The key in the section passed to the module to modify. Sample: NewGuestName |
rc integer | failure with secedit calls | The return code after a failure when running SecEdit.exe. Sample: -1 |
section string | success | The section passed to the module to modify. Sample: System Access |
stderr string | failure with secedit calls | The output of the STDERR buffer after a failure when running SecEdit.exe. Sample: failed to import security policy |
stdout string | failure with secedit calls | The output of the STDOUT buffer after a failure when running SecEdit.exe. Sample: check log for error details |
value string | success | The value passed to the module to modify to. Sample: Guest Account |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/windows/win_security_policy_module.html