Updated 18.9.102.2 to also add AUoptions values

Signed-off-by: George Nalen <[email protected]>
ansible-lockdown · Jun 14, 2021 · 04c9ec9 · 04c9ec9
1 parent 3af00a8
commit 04c9ec9
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -530,3 +530,11 @@ public_firewall_log_path: '%SystemRoot%\System32\logfiles\firewall\publicfw.log'
 # public_firewall_log_size is the size of the log file
 # To conform to CIS stadnards the value should be 16,384 or greater. Value is in KB
 public_firewall_log_size: 16,384
+
+
+# 18.9.102.2
+# win16cis_wupdate_options are described below
+# value 2 - Notify for download and install, value 3 - Auto download and notify for install
+# value 4 - Auto download and schedule install (recommended), value 5 - Allow local admin to choose setting
+# value 7 - Auto download, notify to install, notify to restart
+win16cis_wupdate_options: 4
diff --git a/tasks/section18.yml b/tasks/section18.yml
@@ -2614,9 +2614,12 @@
 - name: "SCORED | 18.9.102.2 | PATCH | (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'"
   win_regedit:
       path: HKLM:\Software\Policies\Microsoft\Windows\Windowsupdate\Au
-      name: NoAutoUpdate
-      data: 0
+      name: "{{ item.name }}"
+      data: "{{ item.data }}"
       type: dword
+  with_items:
+      - { name: NoAutoUpdate, data: 0 }
+      - { name: AUOptions, data: "{{ win16cis_wupdate_options }}" }
   when:
       - rule_18_9_102_2
   tags: