PowerShell Script for Local Log Policy Audit Management
Script ps-audit.ps1
Usage:
-h -> Get This Help
-l -> Load the Actual Audit Settings and Save them to CSV (ActualSetting_ComputerName.csv)
-p AuditTemplate.csv -> Print Audit Settings from AuditTemplate.csv file
-c AuditTemplate.csv -> Compare Audit Settings with Desired AuditTemplate.csv file
-s AuditTemplate.csv -> Sync Audit Settings with Desired AuditTemplate.csv file
Included CSV files
These are best-practice policies from Microsoft.
Link: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
- system-audit-settings-stronger-recommendation-server-DC.csv
- system-audit-settings-stronger-recommendation-server.csv
- system-audit-settings-stronger-recommendation-workstation.csv
Script help
Load Current Local Policy
Compare Current Local Policy with Desired
- means that the policies do not match (D - Desired Policy Setting, which has logging of [S - IsSuccessEnabled] and [F - IsFailureEnabled], or [(Empty or -), meaning no policy]; A - Actual Policy Setting)
+ means that policies are the same
? means that no such audit policy exists on the machine
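
The following is an added example, not the code of ps-audit.ps1, showing one way the `+`, `-` and `?` markers above can be derived. It assumes template columns named Subcategory, IsSuccessEnabled and IsFailureEnabled, uses constructed sample data in place of live `auditpol /get /category:* /r` output, and its function names are hypothetical.

```powershell
# Constructed sample in the CSV layout printed by `auditpol /get /category:* /r`
# (GUIDs are placeholders). On a live, elevated host use instead:
#   auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
# The 'Inclusion Setting' text is localized; this sketch assumes English output.
$actualCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{00000000-0000-0000-0000-000000000001},Success and Failure,
HOST01,System,Process Creation,{00000000-0000-0000-0000-000000000002},No Auditing,
HOST01,System,Credential Validation,{00000000-0000-0000-0000-000000000003},Success,
'@

# Constructed desired template; the column names are an assumption.
$desiredCsv = @'
Subcategory,IsSuccessEnabled,IsFailureEnabled
Logon,True,True
Process Creation,True,False
Credential Validation,True,True
Kerberos Authentication Service,True,True
'@

# Render a Success/Failure pair as S, F, SF, or - (no auditing).
function Format-AuditFlags([bool]$Success, [bool]$Failure) {
    $flags = ''
    if ($Success) { $flags += 'S' }
    if ($Failure) { $flags += 'F' }
    if ($flags) { $flags } else { '-' }
}

# Emit one row per desired subcategory: + same, - different, ? not on machine.
function Compare-AuditPolicy {
    param([object[]]$Desired, [object[]]$Actual)
    $bySubcategory = @{}
    foreach ($row in $Actual) { $bySubcategory[$row.Subcategory] = $row.'Inclusion Setting' }
    foreach ($d in $Desired) {
        $want = Format-AuditFlags ($d.IsSuccessEnabled -eq 'True') ($d.IsFailureEnabled -eq 'True')
        if (-not $bySubcategory.ContainsKey($d.Subcategory)) {
            $mark = '?'; $have = ''
        } else {
            $setting = $bySubcategory[$d.Subcategory]
            $have = Format-AuditFlags ($setting -match 'Success') ($setting -match 'Failure')
            $mark = if ($have -eq $want) { '+' } else { '-' }
        }
        [pscustomobject]@{ Mark = $mark; Subcategory = $d.Subcategory; D = $want; A = $have }
    }
}

Compare-AuditPolicy ($desiredCsv | ConvertFrom-Csv) ($actualCsv | ConvertFrom-Csv) |
    Format-Table -AutoSize
```

With the sample data, Logon is marked `+`, Process Creation and Credential Validation are marked `-`, and Kerberos Authentication Service is marked `?`.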
Sync Current Local Policy with Desired