salt.modules.win_auditpol

A salt module for modifying the audit policies on the machine

Though this module does not set group policy for auditing, it displays how all auditing configuration is applied on the machine, either set directly or via local or domain group policy.

New in version 2018.3.4.

New in version 2019.2.1.

This module allows you to view and modify the audit settings as they are applied on the machine. The audit settings are broken down into nine categories:

  • Account Logon

  • Account Management

  • Detailed Tracking

  • DS Access

  • Logon/Logoff

  • Object Access

  • Policy Change

  • Privilege Use

  • System

The get_settings function will return the subcategories for all nine of the above categories in one dictionary along with their auditing status.

To modify a setting you only need to specify the subcategory name and the value you wish to set. Valid settings are:

  • No Auditing

  • Success

  • Failure

  • Success and Failure

CLI Example:

# Get current state of all audit settings
salt * auditpol.get_settings

# Get the current state of all audit settings in the "Account Logon"
# category
salt * auditpol.get_settings category="Account Logon"

# Get current state of the "Credential Validation" setting
salt * auditpol.get_setting name="Credential Validation"

# Set the state of the "Credential Validation" setting to Success and
# Failure
salt * auditpol.set_setting name="Credential Validation" value="Success and Failure"

# Set the state of the "Credential Validation" setting to No Auditing
salt * auditpol.set_setting name="Credential Validation" value="No Auditing"
salt.modules.win_auditpol.get_setting(name)

Get the current configuration for the named audit setting

Parameters:

name (str) -- The name of the setting to retrieve

Returns:

The current configuration for the named setting

Return type:

str

Raises:

CLI Example:

# Get current state of the "Credential Validation" setting
salt * auditpol.get_setting "Credential Validation"
salt.modules.win_auditpol.get_settings(category='All')

Get the current configuration for all audit settings specified in the category

Parameters:

category (str) --

One of the nine categories to return. Can also be All to return the settings for all categories. Valid options are:

  • Account Logon

  • Account Management

  • Detailed Tracking

  • DS Access

  • Logon/Logoff

  • Object Access

  • Policy Change

  • Privilege Use

  • System

  • All

Default value is All

Returns:

A dictionary containing all subcategories for the specified

category along with their current configuration

Return type:

dict

Raises:

CLI Example:

# Get current state of all audit settings
salt * auditipol.get_settings

# Get the current state of all audit settings in the "Account Logon"
# category
salt * auditpol.get_settings "Account Logon"
salt.modules.win_auditpol.set_setting(name, value)

Set the configuration for the named audit setting

Parameters:
  • name (str) -- The name of the setting to configure

  • value (str) --

    The configuration for the named value. Valid options are:

    • No Auditing

    • Success

    • Failure

    • Success and Failure

Returns:

True if successful

Return type:

bool

Raises:

CLI Example:

# Set the state of the "Credential Validation" setting to Success and
# Failure
salt * auditpol.set_setting "Credential Validation" "Success and Failure"

# Set the state of the "Credential Validation" setting to No Auditing
salt * auditpol.set_setting "Credential Validation" "No Auditing"