diff --git a/configs/attack_range_default.yml b/configs/attack_range_default.yml
index 7b02eb40..509d3844 100644
--- a/configs/attack_range_default.yml
+++ b/configs/attack_range_default.yml
@@ -44,7 +44,10 @@ general:
 # See the chapter Carbon Black in the docs page Attack Range Features.
 install_contentctl: "0"
-# Install splunk/contentctl on linux servers
+ # Install splunk/contentctl on linux servers
+
+ advanced_logging: "0"
+ # Enable verbose windows security logs by setting this to 1.
 aws:
 region: "us-west-2"
@@ -175,7 +178,7 @@ windows_servers_default:
 # More information in chapter Bad Blood under Attack Range Features.
 aurora_agent: "0"
-# Install Aurora Agent
+ # Install Aurora Agent
 linux_servers_default:
 hostname: ar-linux
diff --git a/packer/ansible/roles/windows_common/tasks/main.yml b/packer/ansible/roles/windows_common/tasks/main.yml
index 950a32cb..cba4c0b9 100644
--- a/packer/ansible/roles/windows_common/tasks/main.yml
+++ b/packer/ansible/roles/windows_common/tasks/main.yml
@@ -14,4 +14,5 @@
 - "adobereader"
 - "python"
 - include: advanced_logging.yml
+ when: advanced_logging == "1"
diff --git a/terraform/ansible/windows_post.yml b/terraform/ansible/windows_post.yml
index c57e2db5..b3a13ddd 100644
--- a/terraform/ansible/windows_post.yml
+++ b/terraform/ansible/windows_post.yml
@@ -12,9 +12,9 @@ - red_team_tools - join_domain - windows_agent_prelude - crowdstrike_falcon_agent - carbon_black_cloud_agent - bad_blood - splunk_byo_windows - windows_aurora_agent - windows_install_attack_simulation
\ No newline at end of file
+ - windows_install_attack_simulation
+ - crowdstrike_falcon_agent
+ - carbon_black_cloud_agent
\ No newline at end of file
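Review bot: The comment on the new `advanced_logging` key under `general:` does not say which hosts it affects or when it takes effect. The only consumer visible in this commit is the Packer role `windows_common`, so the setting presumably applies when the Windows image is built, and changing it afterwards may have no effect on an existing image; that should be confirmed and stated. A more explicit comment would be `# Set to "1" to run the windows_common advanced_logging tasks (verbose Windows security logs).` The `general:` mapping starts outside the hunk.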
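Review bot: The added condition `when: advanced_logging == "1"` has no fallback and compares against a string, so two cases need a guard. If the variable is not handed to this Packer-run role, the task fails on an undefined variable. If it arrives as the integer 1, the comparison is false and the logging tasks are skipped without any message. How the value reaches the provisioner is not shown in this diff, so a tolerant form such as `when: (advanced_logging | default('0') | string) == '1'` is safer. A silent skip matters because detections that rely on the verbose Windows security logs would receive no events; the task list begins outside the hunk.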
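Review bot: Moving `crowdstrike_falcon_agent` and `carbon_black_cloud_agent` to the end of the role list makes their position significant, but nothing in the file records why. If the agents interfered with earlier roles such as `windows_install_attack_simulation` (an assumption, the commit does not say), add a comment above the two entries, for example `# EDR agents stay last: they are installed after windows_install_attack_simulation`. With this order, and Ansible's default of stopping a host's play on the first failed task, a failure in any earlier role leaves the host without either agent, so a partially provisioned range has no EDR telemetry. The new side still ends without a trailing newline, and the roles list begins outside the hunk.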