windows_audit_policy_subcategory

Configures the current state of a Windows audit policy subcategory.

⚙️ Compatible targets: Windows

Parameters

Name	Documentation
subcategory	GUID, formatted as {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} (braces are optional). This parameter is required.
state	either 'success', 'failure', 'success-and-failure', 'no-auditing'. Choices: `success` `failure` `success-and-failure` `no-auditing` This parameter is required.

Outcome conditions

You need to replace ${subcategory} with its actual canonified value.

✅ Ok: windows_audit_policy_subcategory_${subcategory}_ok
- ☑️ Already compliant: windows_audit_policy_subcategory_${subcategory}_kept
- 🟨 Repaired: windows_audit_policy_subcategory_${subcategory}_repaired
❌ Error: windows_audit_policy_subcategory_${subcategory}_error

Example

method: windows_audit_policy_subcategory
params:
  subcategory: VALUE
  state: success

Documentation

Configure a Windows audit policy subcategory

Subcategory parameter must be filled using the corresponding subcategory GUID (braces are optional)

Subcategories GUID can be retrieved using the following command :

auditpol /list /subcategory:* /r

Example

- name: Configure the "Kerberos Service Ticket Operations" subcategory
  method: windows_audit_policy_subcategory
    subcategory: "{0CCE923F-69AE-11D9-BED3-505054503030}"
    state: "success-and-failure"

Keyboard shortcuts

Rudder techniques

windows_audit_policy_subcategory

Parameters

Outcome conditions

Example

Documentation

Example