windows-hardening (Ansible Role)
Attention: This role has been migrated to our hardening-collection:
Please open any issues and pull requests there!
- Ansible 2.3.0
||Flag that indicates whether the operating system MUST require that passwords meet complexity requirements. Default: True|
||Number of failed logon attempts after which a user account MUST be locked out. Default: 4|
||Number of minutes after a failed logon attempt that the account MUST be locked out. Default: 15 minutes|
||The number of minutes that a locked-out account MUST remain locked out before automatically becoming unlocked. Default: 15 minutes|
||Determines which users or groups can access the logon screen of a remote computer through a RDP connection. Default: Administrators|
||Allows a process to authenticate like a user and thus gain access to the same resources as a user. Default: Nobody|
||Allows the user to add a computer to a specific domain. Default: Administrators|
||The "Access Credential Manager as a trusted caller" policy setting is used by Credential Manager during backup and restore. Default: No One|
||Required for an account to log on using the network logon type. Default: Nobody|
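To check a host against the defaults listed above, the following added example (not part of this role's code) parses the text of a `secedit /export /cfg` policy export and reports deviations. The mapping of each description to a Windows user-right constant and the sample export are assumptions made for illustration.

```python
import configparser

# Defaults taken from the variable table above.
EXPECTED_ACCESS = {"PasswordComplexity": 1, "LockoutBadCount": 4,
                   "ResetLockoutCount": 15, "LockoutDuration": 15}
ADMINS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
# Mapping of the table's descriptions to user-right constants is an assumption.
EXPECTED_RIGHTS = {
    "SeRemoteInteractiveLogonRight": {ADMINS},  # RDP logon
    "SeTcbPrivilege": set(),                    # authenticate like a user
    "SeMachineAccountPrivilege": {ADMINS},      # add computer to domain
    "SeTrustedCredManAccessPrivilege": set(),   # Credential Manager caller
    "SeNetworkLogonRight": set(),               # network logon type
}

# Constructed sample export, not taken from a real host.
SAMPLE = """[System Access]
PasswordComplexity = 1
LockoutBadCount = 10
ResetLockoutCount = 15
LockoutDuration = 15
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeMachineAccountPrivilege = *S-1-5-32-544
SeNetworkLogonRight =
"""

def audit(inf_text):
    """Return a sorted list of findings; an empty list means compliant."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as exported
    cp.read_string(inf_text.lstrip("\ufeff"))
    access = cp["System Access"] if cp.has_section("System Access") else {}
    rights = cp["Privilege Rights"] if cp.has_section("Privilege Rights") else {}
    findings = []
    for key, want in EXPECTED_ACCESS.items():
        got = access.get(key)
        if got is None or int(got) != want:
            findings.append(f"{key}: expected {want}, found {got}")
    for key, want in EXPECTED_RIGHTS.items():
        # A right held by nobody is missing from the export or has no value.
        raw = rights.get(key) or ""
        got = {sid.strip() for sid in raw.split(",") if sid.strip()}
        if got != want:
            findings.append(f"{key}: expected {sorted(want)}, found {sorted(got)}")
    return sorted(findings)
```

The export file is normally UTF-16, so read it with `encoding="utf-16"` before passing its text to `audit`.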
```yaml
- hosts: localhost
  roles:
    - dev-sec.windows-hardening
```
For all our tests we use test-kitchen. If you are not familiar with test-kitchen, please have a look at their guide.
We create multiple hosts: one Linux host that Ansible runs on, and the Windows hosts.
Next install test-kitchen:
```bash
# Install dependencies
gem install bundler
bundle install
```
Then you can run the playbook and tests:
```bash
# create the ansible and windows hosts
bundle exec kitchen create
# run ansible playbook on windows host
bundle exec kitchen converge default-ansibleserver
# verify windows machines
bundle exec kitchen verify windows
```
License and Author
- Author:: Sebastian Gumprich
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.