Added win_dsc demo (#7)

Add DSC for setting account policy
2022-03-22 17:55:42 -05:00
parent 51273afedd
commit ea58394360
2 changed files with 59 additions and 0 deletions
--- a/windows/powershell_dsc.yml
+++ b/windows/powershell_dsc.yml
@@ -0,0 +1,41 @@
+---
+- name: PowerShell DSC
+  hosts: "{{ HOSTS | default('windows') }}"
+  gather_facts: false
+
+  tasks:
+  - name: Setup the SecurityPolicyDSC module
+    community.windows.win_psmodule:
+      name: SecurityPolicyDSC
+      module_version: 2.10.0.0
+      state: present
+  
+  - name: Set password history
+    ansible.windows.win_dsc:
+      resource_name: AccountPolicy
+      Name: Enforce_password_history
+      Enforce_password_history: 24
+
+  - name: Set maximum password age
+    ansible.windows.win_dsc:
+      resource_name: AccountPolicy
+      Name: Maximum_Password_Age
+      Maximum_Password_Age: 60
+
+  - name: Set minimum password age
+    ansible.windows.win_dsc:
+      resource_name: AccountPolicy
+      Name: Minimum_Password_Age
+      Maximum_Password_Age: 20
+
+  - name: Set minimum password length
+    ansible.windows.win_dsc:
+      resource_name: AccountPolicy
+      Name: Minimum_Password_Length
+      Maximum_Password_Age: 8
+
+  - name: Set password complexity requirements
+    ansible.windows.win_dsc:
+      resource_name: AccountPolicy
+      Name: Password_must_meet_complexity_requirements
+      Password_must_meet_complexity_requirements: Enabled
--- a/windows/setup.yml
+++ b/windows/setup.yml
@@ -205,6 +205,24 @@ controller_templates:
            - 'Running'
            - 'Stopped'

+  - name: "WINDOWS / PowerShell DSC configuring password requirements"
+    job_type: run
+    inventory: "Workshop Inventory"
+    project: "Ansible official demo project"
+    playbook: "windows/powershell_dsc.yml"
+    execution_environment: Default execution environment
+    credentials:
+    - "Workshop Credential"
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Server Name or Pattern
+          type: text
+          variable: HOSTS
+          required: false
+
  - name: "ACTIVE DIRECTORY / Create Active Directory domain"
    job_type: run
    inventory: "Workshop Inventory"