DSC Resource 'AuditPolicies'

AuditPolicies contains DSC resources for the management and configuration of the advanced audit policy on all currently supported versions of Windows.

Source

DSC Resource

Documentation

Table 1. Attributes of category 'AuditPolicies'

| Parameter | DataType | Description |
|---|---|---|
| Options | hashtable[] | Set of audit policy options (see AuditPolicyOption) |
| Subcategories | hashtable[] | Set of advanced audit policy subcategory audit flags (see AuditPolicySubcategory) |
| Guids | hashtable[] | Set of advanced audit policy subcategory audit flags that works around localization issues with auditpol (see AuditPolicyGUID) |
| CsvPath | String | The path to the CSV file with audit policy backup to apply to the node. |

Table 2. Attributes of category 'AuditPolicies/Options'

| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Name | Key | String | The name of the audit policy option to configure. | CrashOnAuditFail, FullPrivilegeAuditing, AuditBaseObjects, AuditBaseDirectories |
| Value | Mandatory | String | The value to apply to the audit policy option. | Enabled, Disabled |

Table 3. Attributes of category 'AuditPolicies/Subcategories'

| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Name | Key | String | The name of the subcategory in the advanced audit policy to manage. | |
| AuditFlag | Key | String | The name of the audit flag to apply to the subcategory. | Success, Failure |
| Ensure | | String | Indicates whether the audit flag is present or absent. Defaults to Present. | Present (default), Absent |

Table 4. Attributes of category 'AuditPolicies/Guids'

| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Name | Key | String | The name of the subcategory in the advanced audit policy to manage. | |
| AuditFlag | Key | String | The name of the audit flag to apply to the subcategory. | Success, Failure |
| Ensure | | String | Indicates whether the audit flag is present or absent. Defaults to Present. | Present (default), Absent |

Example
AuditPolicies:
  Options:
    - Name: AuditBaseObjects
      Value: Enabled
    - Name: AuditBaseDirectories
      Value: Enabled

  Subcategories:
    - Name: Logon
      AuditFlag: Success
      Ensure: Absent
    - Name: Logon
      AuditFlag: Failure
      Ensure: Present

  Guids:
    - Name: Logon
      AuditFlag: Success
      Ensure: Absent
    - Name: Logon
      AuditFlag: Failure
      Ensure: Present

  CsvPath: C:\Temp\AuditPolBackup.csv
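
The Example sets per-subcategory flags for Logon and also points CsvPath at a backup file, so the two can disagree. The following check is an added example, not code from this module: it compares a backup CSV with the intended flags. The helper name, the GUID-keyed `$desired` list and the sample rows are assumptions of this example; the rows are constructed in the layout that `auditpol /backup` writes, and the numeric `Setting Value` column is read as a bit mask (1 = Success, 2 = Failure).

```powershell
# Added example (not project code). Constructed sample rows in `auditpol /backup` layout.
$backupCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
NODE01,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,,3
NODE01,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,,1
NODE01,System,Option:CrashOnAuditFail,,Disabled,,0
'@

# Intended state from the Example: Logon audits Failure but not Success.
# Keyed by subcategory GUID (assumption of this example) to stay locale-independent.
$desired = @(
    @{ Guid = '{0CCE9215-69AE-11D9-BED3-505054503030}'; AuditFlag = 'Success'; Ensure = 'Absent' }
    @{ Guid = '{0CCE9215-69AE-11D9-BED3-505054503030}'; AuditFlag = 'Failure'; Ensure = 'Present' }
)

function Test-AuditBackupAgainstDesired {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]      $CsvText,
        [Parameter(Mandatory)] [hashtable[]] $Desired
    )
    $flagBit = @{ Success = 1; Failure = 2 }   # bits of the numeric 'Setting Value' column

    # Index subcategory rows by GUID; option rows carry no GUID and are skipped.
    $byGuid = @{}
    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        $guid = $row.'Subcategory GUID'
        if ($guid) { $byGuid[$guid.ToUpperInvariant()] = [int]$row.'Setting Value' }
    }

    foreach ($item in $Desired) {
        $guid = $item.Guid.ToUpperInvariant()
        if (-not $byGuid.ContainsKey($guid)) {
            $status = 'MissingFromBackup'
        }
        else {
            # The flag is in effect when its bit is set in the backup's value.
            $isSet  = ($byGuid[$guid] -band $flagBit[$item.AuditFlag]) -ne 0
            $status = if ($isSet -eq ($item.Ensure -eq 'Present')) { 'Match' } else { 'Conflict' }
        }
        [pscustomobject]@{
            Guid = $guid; AuditFlag = $item.AuditFlag; Ensure = $item.Ensure; Status = $status
        }
    }
}

# Report each intended flag against the backup contents.
Test-AuditBackupAgainstDesired -CsvText $backupCsv -Desired $desired | Format-Table -AutoSize
```

For a real file, pass `Get-Content -Raw` of the backup as `-CsvText` and review any `Conflict` rows before the configuration is compiled.
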
Recommended Lookup Options in Datum.yml (Excerpt)
lookup_options:

  AuditPolicies:
    merge_hash: deep
  AuditPolicies\Options:
    merge_hash_array: UniqueKeyValTuples
    merge_options:
      tuple_keys:
        - Name
  AuditPolicies\Subcategories:
    merge_hash_array: UniqueKeyValTuples
    merge_options:
      tuple_keys:
        - Name
        - AuditFlag
  AuditPolicies\Guids:
    merge_hash_array: UniqueKeyValTuples
    merge_options:
      tuple_keys:
        - Name
        - AuditFlag