2016-09-22 12:43:57 +00:00
---
title: About the security_policy Resource
---
# security_policy
Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
2017-10-03 21:35:10 +00:00
<br>
2016-09-27 19:03:23 +00:00
## Syntax
2016-09-22 12:43:57 +00:00
A `security_policy` resource block declares the name of a security policy and the value to be tested:
describe security_policy do
its('policy_name') { should eq 'value' }
end
where
* `'policy_name'` must specify a security policy
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
2017-10-03 21:35:10 +00:00
<br>
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
## Examples
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
The following examples show how to use this InSpec audit resource.
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
### Verify that only the Administrators group has remote access
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
describe security_policy do
its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
end
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
<br>
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
## Matchers
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2016-09-22 12:43:57 +00:00
2016-09-27 19:03:23 +00:00
### policy_name
2016-09-22 12:43:57 +00:00
The `policy_name` matcher must be the name of a security policy:
its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
