Skip to main content

audit_policy resource

Use the audit_policy Chef InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.



This resource is distributed with Chef InSpec and is automatically available for use.


This resource first became available in v1.0.0 of InSpec.


An audit_policy resource block declares a parameter that belongs to an audit policy category or subcategory:

describe audit_policy do
  its('parameter') { should eq 'value' }


  • 'parameter' must specify a parameter
  • 'value' must be one of No Auditing, Not Specified, Success, Success and Failure, or Failure


The following examples show how to use this Chef InSpec audit resource.

Test that a parameter is not set to “No Auditing”

describe audit_policy do
  its('Other Account Logon Events') { should_not eq 'No Auditing' }

Test that a parameter is set to “Success”

describe audit_policy do
  its('User Account Management') { should eq 'Success' }


For a full list of available matchers, see our Universal Matchers page.
Edit this page on GitHub

Thank you for your feedback!


Search Results