Using Win-regedit module to change ie hardening

311 views
Skip to first unread message

chall...@gmail.com

unread,
Feb 16, 2017, 10:32:31 PM2/16/17
to Ansible Project
currently i am using power shell
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\' -Name 'IEHarden' -Value '0'

so , i am trying this:
- win_regedit:
         path: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\'
         name:  IEHarden
         data: 0
         type: dword

Error:
"msg": "Missing required argument: key"

If i debug more:

Name           Used (GB)     Free (GB) Provider      Root
----           ---------     --------- --------      ----
HKCR                                   Registry      HKEY_CLASSES_ROOT
HKU                                    Registry      HKEY_USERS
HCCC                                   Registry      HKEY_CURRENT_CONFIG
{"msg":"Missing required argument: key","failed":true}

If i change path to key then it executes, but doesn't change, output shows as:

"changed": false,
    "data_changed": false,
    "data_type_changed": false,
    "invocation": {
        "module_name": "win_regedit"





J Hawkesworth

unread,
Feb 18, 2017, 4:26:36 PM2/18/17
to Ansible Project
I think maybe your module args might be indented too far. I suggest using something like yamllint.com to check your playbook yaml.

Other suggestion is to loose the trailing \ on the path: argument value.

Hope this helps,

Jon

Trent Scholl

unread,
Mar 2, 2017, 8:02:48 AM3/2/17
to Ansible Project
Did you end up getting this working? I'm having the same issue with win_regedit

J Hawkesworth

unread,
Mar 15, 2017, 10:37:37 AM3/15/17
to Ansible Project
Ah, I think I know what is going on here....

If you are using an ansible version before 2.3 devel 'path' should be called 'key', 'name' should be called 'entry' and 'type' should be called 'datatype'

The parameter names were changed (and backward compatible aliases were added for the old names) during 2.3 development as the older names didn't match the terms used by Microsoft.

If you can, please try using ansible 2.3 development version, which is now in feature freeze, so should be stable enough to test against.  I believe Release Candidates are due to start appearing soon.

All the best,

Jon
Reply all
Reply to author
Forward
0 new messages