A while ago I created a document describing how to increase logging in Windows.
It had explicit instructions on what needed to be done. The problem is that doing this at an enterprise level would be unwieldy.
So I created PowerShell scripts to automate the process. I created three scripts:
- get-loggingReport.ps1, which reads and displays the logging settings for a computer
- set-logging.ps1, which sets the desired logging levels
- reset-logging.ps1, which resets the logging levels to the defaults
The scripts read/set/reset the following logging settings:
- Log Sizes
- Audit Policy for 'run' Registry Keys -- this could be expanded to other Registry Keys and Files
- Logon/Logoff Audit Policy
- Account Management Audit Policy
- Firewall Events Audit Policy
- Process Creation and Termination Audit Policy
- PowerShell Script Logging
- Audit Policy Auditing
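
To make the settings in the list above concrete, here is an added read-only example (not the author's get-loggingReport.ps1) that collects most of them into one object. The function name `Get-LoggingSnapshot`, the chosen logs and subcategories, the mapping of "Firewall Events" to the Filtering Platform Connection subcategory, and the use of the HKLM Run key are assumptions; it expects an elevated session on an English-language Windows install, because auditpol localizes its column and subcategory names.

```powershell
# Added example, not one of the scripts described in the post.
# Read-only: it changes no setting. Run from an elevated PowerShell session.
function Get-LoggingSnapshot {
    [CmdletBinding()]
    param(
        # Assumption: which event logs matter for the "Log Sizes" item
        [string[]]$LogName = @('Security', 'System', 'Application',
                               'Microsoft-Windows-PowerShell/Operational'),
        # Assumption: English auditpol subcategory names matching the list above
        [string[]]$Subcategory = @('Logon', 'Logoff', 'User Account Management',
                                   'Filtering Platform Connection', 'Process Creation',
                                   'Process Termination', 'Registry', 'Audit Policy Change')
    )

    # Log sizes: configured maximum and retention mode for each log
    $logs = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, LogMode,
            @{ Name = 'MaxSizeMB'
               Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } }

    # Audit policy: "auditpol /r" emits CSV; drop blank lines before parsing
    $audit = auditpol.exe /get /category:* /r |
        Where-Object { $_ } |
        ConvertFrom-Csv |
        Where-Object { $Subcategory -contains $_.Subcategory } |
        Select-Object Subcategory, 'Inclusion Setting'

    # PowerShell script block logging: policy value is 1 when enabled, absent when unset
    $sbKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $sbValue = (Get-ItemProperty -Path $sbKey -Name EnableScriptBlockLogging `
                    -ErrorAction SilentlyContinue).EnableScriptBlockLogging

    # 'Run' key auditing: the Registry subcategory only produces events for keys
    # that carry a SACL, so report the audit rules on the key itself
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $sacl = (Get-Acl -Path $runKey -Audit).GetAuditRules(
                $true, $true, [System.Security.Principal.NTAccount]) |
        Select-Object IdentityReference, RegistryRights, AuditFlags

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EventLogs          = $logs
        AuditPolicy        = $audit
        ScriptBlockLogging = [bool]$sbValue
        RunKeyAuditRules   = $sacl
    }
}

Get-LoggingSnapshot | Format-List
```

An empty `RunKeyAuditRules` alongside an enabled Registry subcategory means changes to the Run key will still go unlogged, which is why the two are reported together.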