Windows Logging
A while ago I created a document describing how to increase logging in Windows.
It had explicit instructions on what needed to be done. The problem is that doing this at enterprise scale would be unwieldy.
So I created PowerShell scripts to automate the process. I created three scripts:
- Get Logging Report which reads and displays the logging settings
- Reset Logging which resets the logging levels to the defaults
- Set Logging which sets the desired logging levels
Or you can download them from GitHub: https://github.com/pigstye/PowerShell-Scripts/blob/main/Remediation
The scripts read/set/reset the following logging settings.
- Log Sizes
- Audit Policy for 'run' Registry Keys -- this could be expanded to other Registry Keys and Files
- Logon/Logoff Audit Policy
- Account Management Audit Policy
- Firewall Events Audit Policy
- Process Creation and Termination Audit Policy
- PowerShell Script Logging
- Audit Policy Auditing