Contents

---
title: About the security_policy Resource
---

# security_policy

Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.

<br>

## Syntax

A `security_policy` resource block declares the name of a security policy and the value to be tested:

    describe security_policy do
      its('policy_name') { should eq 'value' }
    end

where

* `'policy_name'` must specify a security policy
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test

<br>

## Examples

The following examples show how to use this InSpec audit resource.

### Verify that only the Administrators group has remote access

    describe security_policy do
      its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
    end

<br>

## Matchers

This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### policy_name

The `policy_name` matcher must be the name of a security policy:

    its('SeNetworkLogonRight') { should eq '*S-1-5-11' }

Version data entries

13 entries across 13 versions & 1 rubygems

Version	Path
inspec-1.51.0	docs/resources/security_policy.md.erb
inspec-1.50.1	docs/resources/security_policy.md.erb
inspec-1.49.2	docs/resources/security_policy.md.erb
inspec-1.48.0	docs/resources/security_policy.md.erb
inspec-1.47.0	docs/resources/security_policy.md.erb
inspec-1.46.2	docs/resources/security_policy.md.erb
inspec-1.45.13	docs/resources/security_policy.md.erb
inspec-1.45.9	docs/resources/security_policy.md.erb
inspec-1.44.8	docs/resources/security_policy.md.erb
inspec-1.43.8	docs/resources/security_policy.md.erb
inspec-1.43.5	docs/resources/security_policy.md.erb
inspec-1.42.3	docs/resources/security_policy.md.erb
inspec-1.41.0	docs/resources/security_policy.md.erb