W3cubDocs

/Ansible

win_security_policy - changes local security policy settings

New in version 2.4.

Synopsis
Options
Examples
Return Values
Notes
- Status

Synopsis

Allows you to set the local security policies that are configured by SecEdit.exe.

Options

parameter	required	comments
key	yes	The ini key of the section or policy name to modify. The module will return an error if this key is invalid.
section	yes	The ini section the key exists in. If the section does not exist then the module will return an error. Example sections to use are 'Account Policies', 'Local Policies', 'Event Log', 'Restricted Groups', 'System Services', 'Registry' and 'File System'
value	yes	The value for the ini key or policy name. If the key takes in a boolean value then 0 = False and 1 = True.

Examples

- name: change the guest account name
  win_security_policy:
    section: System Access
    key: NewGuestName
    value: Guest Account

- name: set the maximum password age
  win_security_policy:
    section: System Access
    key: MaximumPasswordAge
    value: 15

- name: do not store passwords using reversible encryption
  win_security_policy:
    section: System Access
    key: ClearTextPassword
    value: 0

- name: enable system events
  win_security_policy:
    section: Event Audit
    key: AuditSystemEvents
    value: 1

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
key	The key in the section passed to the module to modify.	success	string	NewGuestName
stderr	The output of the STDERR buffer after a failure when running SecEdit.exe.	failure with secedit calls	string	failed to import security policy
stdout	The output of the STDOUT buffer after a failure when running SecEdit.exe.	failure with secedit calls	string	check log for error details
section	The section passed to the module to modify.	success	string	System Access
rc	The return code after a failure when running SecEdit.exe.	failure with secedit calls	int	-1
import_log	The log of the SecEdit.exe /configure job that configured the local policies. This is used for debugging purposes on failures.	secedit.exe /import run and change occurred	string	Completed 6 percent (0/15) \tProcess Privilege Rights area.
value	The value passed to the module to modify to.	success	string	Guest Account

Notes

Note

This module uses the SecEdit.exe tool to configure the values, more details of the areas and keys that can be configured can be found here https://msdn.microsoft.com/en-us/library/bb742512.aspx.
If you are in a domain environment these policies may be set by a GPO policy, this module can temporarily change these values but the GPO will override it if the value differs.
You can also run SecEdit.exe /export /cfg C:\temp\output.ini to view the current policies set on your system.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/win_security_policy_module.html