Windows

Set Audit Policy Powershell

If you are looking to set audit policy from the commandline you may be thinking about how to set audit policy powershell take a look at auditpol

Scripting mundane setup tasks is essential in today’s world of server/workstation provisioning in the fast paced Virtualization environments we as system administrators manage. ย If you are like me, you may have googled “set audit policy powershell” to find a quick way to set your audit policy via powershell. ย If like me, you didn’t really find a good way to set your settings with powershell, you may want to look at theย auditpol command line utility which you may already be using as it is. ย I have used it before in looking at audit policy settings, but not setting them

Let’s take a look at aย quick post on how to set audit policy quickly and easily to match your company’s audit policy using this command line utility.

Set Audit Policy

Again, let’s say I want to set my audit policy to look like the following:

auditpolset01

To see these settings via the command line with the auditpol utility you would enter the following command:

auditpol /get /Category:*

So how would I set the settings in the above screenshot using auditpol? ย The syntax is very similar with theย set command. ย The only difference is that you specify the categories you want to set as well as whether you want to set the /failure to enable or /success to enable or both.

auditpol /set /category:"System","Account Management","Account Logon","Logon/Logoff","Policy Change" /failure:enable /success:enable     

auditpol /set /category:"DS Access","Object Access" /failure:enable

As you can see above, you can lump the various categories together if they have the same auditing settings. ย So above, I have System, Account Management, Account Logon, Logon/Logoff, and Policy change all set to audit both failures and successes. ย The next line follows suite and enables only failure auditing for the specified settings.

Final Thoughts

The commands above can easily be added to another setup script you may be calling to automate system settings. ย The auditpol command is a useful utility and can be used to take a look at current settings as well as set flags that you want set for failure and success auditing.

 

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.