The Pigstye

Code, Notes, Stuff

• Home
• PowerShell >>
  • Code >>
    • Exchange
    • AD Commands
    • TimeZone Conversion
    • Directory Space
    • Enable WinRM
    • Long Paths
    • Code Fragments
    • Useful Functions
    • Networking Conversion
  • Scripts >>
    • File List
    • Windows Logging
    • Active Directory Health
    • Get Computer Names
    • File Manipulation Library
    • Domain User Information
    • Domain Group Information
• Forensics >>
  • Forensic Acquisition
  • Volatility
  • Notes >>
    • Logon Failures on DC
    • Registry Keys
    • Logs and Logging
    • Mimikatz
    • Netcat
    • Windows Defender
    • WMI Malware
    • Well Known SIDS
  • Investigations >>
    • Scheduled Task Job File
    • Volume Shadow Copies
    • Password Hacking
    • Prefetch Files
    • IP Address
    • Timeline
• Security >>
  • OpenSSL File Enc
• Code >>
  • VBA Subnetting
  • Remove Spaces
  • Batch String
• HowTo >>
  • Active Directory >>
    • Copy AD Users
    • GP Troubleshooting
    • Delete Old Computers
  • System Admin >>
    • Clean WINSXS
    • Fix RDP Disconnects
    • Remove efi Part
    • Speed Up Logons
    • Track Open Files
    • SQL Server Config Err
    • TS Commands
    • WMI Notes
  • Dos Commands
  • UAC Registry Settings
  • Enable CHM
  • Win8 Admin Shares
  • Recover SA Pass
  • Remove DOCX Pass
  • Win 8.1 HyperV
• Penetration Testing
  • ScanIP
  • SSlyze
  • Nikto
  • Get Subdomains
  • Brute Force Subdomains

Windows Logging

A while ago I created a document describing how to increase logging in Windows.

It had explicit instructions on what needed to be done. The problem is that to do this on an enterprise level would be unwieldy.

So I created PowerShell scripts to automate the process. I created three scripts

• get-loggingReport.ps1 which reads and displays the logging settings for a computer
• set-logging.ps1 which sets the desired logging levels
• reset-logging.ps1 which resets the logging levels to the defaults

The scripts read/set/reset the following logging settings.

• Log Sizes
• Audit Policy for 'run' Registry Keys -- this could be expanded to other Registry Keys and Files
• Logon/Logoff Audit Policy
• Account Management Audit Policy
• Firewall Events Audit Policy
• Process Creation and Termination Audit Policy
• PowerShell Script Logging
• Audit Policy Auditing

This Website made with hand crafted html and css.

Everything here is released under the MIT License.