inspec/docs/resources/security_policy.md.erb

---
title: About the security_policy Resource
---

# security_policy

Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.

## Syntax

A `security_policy` resource block declares the name of a security policy and the value to be tested:

    describe security_policy do
      its('policy_name') { should eq 'value' }
    end

where

* `'policy_name'` must specify a security policy
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test


## Matchers

This InSpec audit resource has the following matchers:

### be

<%= partial "/shared/matcher_be" %>

### cmp

<%= partial "/shared/matcher_cmp" %>

### eq

<%= partial "/shared/matcher_eq" %>

### include

<%= partial "/shared/matcher_include" %>

### match

<%= partial "/shared/matcher_match" %>

### policy_name

The `policy_name` matcher must be the name of a security policy:

    its('SeNetworkLogonRight') { should eq '*S-1-5-11' }

## Examples

The following examples show how to use this InSpec audit resource.

### Verify that only the Administrators group has remote access

    describe security_policy do
      its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
    end
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`
			`title: About the security_policy Resource`
			`---`

			`# security_policy`

			Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Syntax`
add all partials for resources 2016-09-22 12:43:57 +00:00
			A `security_policy` resource block declares the name of a security policy and the value to be tested:

			`describe security_policy do`
			`its('policy_name') { should eq 'value' }`
			`end`

			`where`

			* `'policy_name'` must specify a security policy
			* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test


Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Matchers`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`This InSpec audit resource has the following matchers:`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### be`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_be" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### cmp`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_cmp" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### eq`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_eq" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### include`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_include" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### match`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`<%= partial "/shared/matcher_match" %>`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### policy_name`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `policy_name` matcher must be the name of a security policy:

			`its('SeNetworkLogonRight') { should eq '*S-1-5-11' }`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Examples`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`The following examples show how to use this InSpec audit resource.`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### Verify that only the Administrators group has remote access`
add all partials for resources 2016-09-22 12:43:57 +00:00
			`describe security_policy do`
			`its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }`
			`end`