diff --git a/windows/powershell_dsc.yml b/windows/powershell_dsc.yml new file mode 100644 index 0000000..7db3657 --- /dev/null +++ b/windows/powershell_dsc.yml @@ -0,0 +1,41 @@ +--- +- name: PowerShell DSC + hosts: "{{ HOSTS | default('windows') }}" + gather_facts: false + + tasks: + - name: Setup the SecurityPolicyDSC module + community.windows.win_psmodule: + name: SecurityPolicyDSC + module_version: 2.10.0.0 + state: present + + - name: Set password history + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Enforce_password_history + Enforce_password_history: 24 + + - name: Set maximum password age + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Maximum_Password_Age + Maximum_Password_Age: 60 + + - name: Set minimum password age + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Minimum_Password_Age + Maximum_Password_Age: 20 + + - name: Set minimum password length + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Minimum_Password_Length + Maximum_Password_Age: 8 + + - name: Set password complexity requirements + ansible.windows.win_dsc: + resource_name: AccountPolicy + Name: Password_must_meet_complexity_requirements + Password_must_meet_complexity_requirements: Enabled diff --git a/windows/setup.yml b/windows/setup.yml index 64508b5..efa4acc 100644 --- a/windows/setup.yml +++ b/windows/setup.yml @@ -205,6 +205,24 @@ controller_templates: - 'Running' - 'Stopped' + - name: "WINDOWS / PowerShell DSC configuring password requirements" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "windows/powershell_dsc.yml" + execution_environment: Default execution environment + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: false + - name: "ACTIVE DIRECTORY / Create Active Directory domain" job_type: run inventory: "Workshop Inventory"