yamato-security / enablewindowslogsettings
Documentation and scripts to properly enable Windows event logs.
License: GNU General Public License v3.0
Please ignore/delete this ...
After testing around with "Detection Lab", I am pretty sure that there MUST be a setting in some policy ... though I cannot find it at the moment.
Hello again
Since I stumbled upon the need to make changes to the audit policy today, I would like to suggest the following:
To easily and quickly import configuration changes, one should insert the command "auditpol /clear /y" before the actual definitions are made. This will reset all previous policies and then you can initiate again.
Extract from the code
:: ...
:: Configure Security log
:: Note: subcategory IDs are used instead of the names in order to work in any OS language.
:: Clear
:: Before configuring (new) audit policies we reset them to default values
auditpol /clear /y
:: Account Logon
:: ...
At least, it does no harm. ;-)
Best regards,
Lasse
Hello,
I have noticed the following "inconsistency" in the batch file:
:::: Detailed File Share (disabled due to noise)
auditpol /set /subcategory:{0CCE9244-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: Filtering Platform Packet Drop (disabled due to noise)
auditpol /set /subcategory:{0CCE9225-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: Registry (currently disabled due to noise)
auditpol /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: MPSSVC Rule-Level Policy Change (currently disabled while testing)
auditpol /set /subcategory:{0CCE9232-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
So maybe you just forgot to disable the command or to modify the comment.
These are not "issues" of course, but I just wanted to report it.
Thank you VERY MUCH for this amazing script!
Lasse
Translate document to Japanese
2022/09/29 TOC
Hello,
Just starting to take a deeper look at this amazing project, but stumbled about this:
Is it possible that you have to change the following commands in your batch file from "/category" to "/subcategory"?
At least I receive corresponding error messages when I try to run them ...
:: Account Management
:::: Computer Account Management
auditpol /set /category:{0CCE9236-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: Other Account Management Events
auditpol /set /category:{0CCE923A-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: Security Group Management
auditpol /set /category:{0CCE9237-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
:::: User Account Management
auditpol /set /category:{0CCE9235-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
Great work anyway! ;-)
Greetings from Germany,
Lasse
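As an added example (not code from the project or from anyone in this thread): a small Python checker for the two problems reported above. It parses the batch file's `auditpol /set` lines, parses an export from `auditpol /get /category:* /r`, reports where the host's effective setting differs from what the script intends (the "disabled due to noise" comment sitting above an enabling command would show up as such a difference), and flags lines that pass a subcategory GUID to `/category`. The CSV column names are the ones auditpol prints with `/r`; the host name and settings in the sample export are constructed, and the checker assumes every `/set` line carries both `/success` and `/failure`, as the script's lines do.

```python
import csv
import io
import re

# Matches the `auditpol /set` lines in the batch file discussed in this thread.
SET_RE = re.compile(
    r"auditpol\s+/set\s+/(?P<kind>category|subcategory):\{(?P<guid>[0-9A-Fa-f-]+)\}"
    r"\s+/success:(?P<success>enable|disable)\s+/failure:(?P<failure>enable|disable)",
    re.IGNORECASE,
)
SETTINGS = {(True, True): "Success and Failure", (True, False): "Success",
            (False, True): "Failure", (False, False): "No Auditing"}  # as `auditpol /get /r` prints them

def parse_batch(batch_text):
    """{GUID: (switch used, inclusion setting the script intends)} for each /set line."""
    expected = {}
    for m in SET_RE.finditer(batch_text):
        flags = (m["success"].lower() == "enable", m["failure"].lower() == "enable")
        expected[m["guid"].upper()] = (m["kind"].lower(), SETTINGS[flags])
    return expected

def parse_auditpol_csv(text):
    """Parse `auditpol /get /category:* /r` CSV into {subcategory GUID: (name, setting)}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["Subcategory GUID"].strip("{}").upper(): (r["Subcategory"], r["Inclusion Setting"])
            for r in rows}

def audit_drift(batch_text, auditpol_csv):
    """List each way the host's effective policy differs from what the batch intends."""
    findings, actual = [], parse_auditpol_csv(auditpol_csv)
    for guid, (kind, want) in parse_batch(batch_text).items():
        if guid not in actual:
            findings.append(f"{{{guid}}}: not a subcategory GUID known to this host")
            continue
        name, have = actual[guid]
        if have != want:
            findings.append(f"{name}: script wants '{want}', host reports '{have}'")
        if kind == "category":  # the /category-vs-/subcategory mistake from the thread
            findings.append(f"{name}: {{{guid}}} is a subcategory GUID, use /subcategory")
    return findings

# Constructed inputs: two /set lines quoted in the thread and a made-up auditpol export.
BATCH = """\
auditpol /set /subcategory:{0CCE9244-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
auditpol /set /category:{0CCE9236-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
"""
AUDITPOL_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030},No Auditing,
HOST01,System,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030},Success and Failure,
"""
```

Calling `audit_drift(BATCH, AUDITPOL_CSV)` on the sample returns one drift line for Detailed File Share and one warning for the `/category` line; on a real host, feed it the batch file and the saved output of `auditpol /get /category:* /r`.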
I updated ConfiguringSecurityLogAuditPolicies.md on 2022/10/15 but the JP translations still need to be updated.