Set Audit Policy Powershell

If you are looking to set audit policy from the command line, you may be wondering how to set audit policy with PowerShell. Take a look at auditpol.

Scripting mundane setup tasks is essential in today’s world of server/workstation provisioning in the fast-paced virtualization environments we as system administrators manage.  If you are like me, you may have googled “set audit policy powershell” to find a quick way to set your audit policy via PowerShell.  If, like me, you didn’t really find a good way to set your settings with PowerShell, you may want to look at the auditpol command line utility, which you may already be using as it is.  I have used it before in looking at audit policy settings, but not setting them.

Let’s take a look at a quick post on how to set audit policy quickly and easily to match your company’s audit policy using this command line utility.

Set Audit Policy

Again, let’s say I want to set my audit policy to look like the following:

[Screenshot: the target audit policy settings (auditpolset01)]

To see these settings via the command line with the auditpol utility you would enter the following command:

auditpol /get /Category:*

So how would I set the settings in the above screenshot using auditpol?  The syntax is very similar with the set command.  The only difference is that you specify the categories you want to set as well as whether you want to set the /failure to enable or /success to enable or both.

auditpol /set /category:"System","Account Management","Account Logon","Logon/Logoff","Policy Change" /failure:enable /success:enable     

auditpol /set /category:"DS Access","Object Access" /failure:enable

As you can see above, you can lump the various categories together if they have the same auditing settings.  So above, I have System, Account Management, Account Logon, Logon/Logoff, and Policy Change all set to audit both failures and successes.  The next line follows suit and enables only failure auditing for DS Access and Object Access.
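An added example (not from the original post) that wraps the two commands above in a PowerShell script and then verifies the result with auditpol /get ... /r, which prints the settings as CSV. It goes slightly beyond the post by passing both /success and /failure for every category, so the failure-only categories end up failure-only regardless of their previous state. The function names are hypothetical, and English category and setting names are assumed.

```powershell
#Requires -RunAsAdministrator
# Added example: desired state taken from the two auditpol /set commands in the post.
# Assumes an English Windows install (category and setting names are localized).
$desired = [ordered]@{
    'System'             = 'Success and Failure'
    'Account Management' = 'Success and Failure'
    'Account Logon'      = 'Success and Failure'
    'Logon/Logoff'       = 'Success and Failure'
    'Policy Change'      = 'Success and Failure'
    'DS Access'          = 'Failure'
    'Object Access'      = 'Failure'
}

function Set-CategoryAudit {
    param([string]$Category, [string]$Setting)
    # Pass both flags explicitly so the result does not depend on the previous state.
    $success = if ($Setting -match 'Success') { 'enable' } else { 'disable' }
    $failure = if ($Setting -match 'Failure') { 'enable' } else { 'disable' }
    & auditpol.exe /set "/category:$Category" "/success:$success" "/failure:$failure" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for '$Category' (exit $LASTEXITCODE)" }
}

function Test-CategoryAudit {
    param([string]$Category, [string]$Setting)
    # /r emits CSV; every subcategory in the category should report the expected setting.
    $rows = @(& auditpol.exe /get "/category:$Category" /r | Where-Object { $_.Trim() } | ConvertFrom-Csv)
    if ($LASTEXITCODE -ne 0 -or -not $rows) { throw "auditpol /get failed for '$Category'" }
    $drift = @($rows | Where-Object { $_.'Inclusion Setting' -ne $Setting })
    foreach ($r in $drift) {
        Write-Warning "$Category / $($r.Subcategory): '$($r.'Inclusion Setting')', expected '$Setting'"
    }
    return ($drift.Count -eq 0)
}

$ok = $true
foreach ($entry in $desired.GetEnumerator()) {
    Set-CategoryAudit -Category $entry.Key -Setting $entry.Value
    if (-not (Test-CategoryAudit -Category $entry.Key -Setting $entry.Value)) { $ok = $false }
}
if (-not $ok) { throw 'Audit policy does not match the desired state.' }
'Audit policy matches the desired state.'
```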

Final Thoughts

The commands above can easily be added to another setup script you may be calling to automate system settings.  The auditpol command is a useful utility and can be used to take a look at current settings as well as set flags that you want set for failure and success auditing.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
