Forge Home

advanced_security_policy

This module sets Advanced Security Policy settings on Windows.

5,948 downloads

215 latest version

3.1 quality score

Version information

  • 3.0.0 (latest)
  • 2.1.1
released Jun 7th 2022
This version is compatible with:

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'kpn-advanced_security_policy', '3.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add kpn-advanced_security_policy
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install kpn-advanced_security_policy --version 3.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

kpn/advanced_security_policy — version 3.0.0 Jun 7th 2022

advanced_security_policy

Table of Contents

Overview

This module sets and enforces the advanced security policies for windows.

Module Description

This module uses LGPO.exe (v2.2) to configure the advanced security policies on Windows. LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. It can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, as well as from formatted “LGPO text” files.

Setup

Setup Requirements

This module requires:

  • ADMX and ADML files with the policy settings to be set (in C:\Windows\PolicyDefinitions)
  • LGPO.exe needs to be installed in C:\Windows\System32 (Add the following code)
      include advanced_security_policy
    

What advanced_security_policy affects

  • Advanced security policies.
  • C:\Windows\System32\GroupPolicy\Machine\Registry.pol
  • A backup is made of C:\Windows\System32\GroupPolicy\Machine\Registry.pol and is placed in C:\Management\advanced_security\Registry.pol

Beginning with advanced_security_policy

To start using advanced_security_policy, simply include the module and add the defined type statements in your profile. Then configure the policies you want to set. (for example in hiera)

Usage

When using Configure SMB v1 client driver you may also need to set Configure SMB v1 client to ['Bowser','MRxSmb20','NSI'] due to dependencies for this service

Parameters

policy(resource) name (required)

Type: 'String' Default: '$title' Values: Any valid advanced security subcategory Description: The policy name matches the name in the policy editor

ensure

Type: 'String' Default: 'present' Values: 'present' or 'absent' Description: When a policy is set, ensure will be 'present'. If a policy is to be set as 'not configured' then ensure must be set to 'absent'.

policy_value

Type: 'String' Values: 'enabled', 'disabled' or a value Description: This is the value to be set for the policy. This can be 'enabled', 'disabled' or a value to be set.

Examples

Example: Setting multiple security policies

  advanced_security_policy {'Turn off Autoplay':
    policy_value => '255',
  }

  advanced_security_policy {Configuration of wireless settings using Windows Connect Now':
    policy_value => 'disabled'
  }

  advanced_security_policy {'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)':
    policy_value => 'enabled',
  }

  advanced_security_policy {'Security: Specify the maximum log file size (KB)':
    ensure         => 'absent',
  }

Reference

Defined Types

  • advanced_security_policy

Provider

  • securitypolicy

Limitations

This is where you list OS compatibility, version compatibility, etc.

This module works on:

  • Windows 2008 R2
  • Windows 2012 R2
  • Windows 2016
  • Windows 2019
  • Windows 2022

Development

You can contribute by submitting issues, providing feedback and joining the discussions.

Go to: https://github.com/kpn-puppet/puppet-kpn-advanced_security_policy

If you want to fix bugs, add new features etc:

  • Fork it
  • Create a feature branch ( git checkout -b my-new-feature )
  • Apply your changes and update rspec tests
  • Run rspec tests ( bundle exec rake spec )
  • Commit your changes ( git commit -am 'Added some feature' )
  • Push to the branch ( git push origin my-new-feature )
  • Create new Pull Request