Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

secedit_state

Configure and audit system security.

⚙️ Compatible targets: Windows

Parameters

NameDocumentation
dataJSON object containing the security configuration to apply.

This parameter is required.

Outcome conditions

You need to replace ${data} with its actual canonified value.

  • ✅ Ok: secedit_state_${data}_ok
    • ☑️ Already compliant: secedit_state_${data}_kept
    • 🟨 Repaired: secedit_state_${data}_repaired
  • ❌ Error: secedit_state_${data}_error

Example

method: secedit_state
params:
  data: VALUE

Documentation

The secedit_state method applies a specified security policy to a system.

This method is a wrapper around Rudder secedit module.

Notes

The data parameter must contain a JSON object describing the security configuration to apply. Each top-level key represents a Secedit section and must contain the settings for that section.

Example:

{
  "Unicode": {
    "Unicode": "yes"
  },
  "System Access": {
    "MinimumPasswordLength": 0,
    "MinimumPasswordAge": 0,
    "NewAdministratorName": "Administrator"
  },
  "Event Audit": {
    "AuditSystemEvents": 0
  },
  "Privilege Rights": {
    "SeRemoteShutdownPrivilege": "*S-1-5-32-544"
  }
}

Supported sections

The following sections are supported:

  • Unicode
  • System Access
  • Event Audit
  • Privilege Rights

Unsupported sections

The Registry Values section is not supported. To edit registry entries, refer to the Rudder registry management documentation.