How do I enable "Audit user account logons" using PowerShell, to improve security?

With successful hacking attacks more often employing valid Active Directory user credentials, it is quite helpful when administrators can easily poll user logon events. Rather than query every domain computer for its logon events, one can alter the Default Domain Controller Policy GPO to enable "Audit user account logons" (Success and Failure) then merely poll only the domain controller -- quite efficient. PowerShell helpfully has its Group Policy Module, including the following two cmdlets.
1) Get-GPO "Default Domain Controllers Policy" will retrieve the top-level GPO object, but how do I enable that specific setting?
2) Set-GPRegistryValue might be the right tool, but I cannot find any documentation on the values I need to supply to its parameters (-Name -Key -ValueName -Type -Value) to enable "Audit user account logons" -- both Successes and Failures.
One can manually modify this setting using the Group Policy Management console GUI on the domain controller, but I am trying to upgrade my professional work habits to use stored scripts, rather than unrecorded point & clicks, so that my actions are repeatable and documented.
Any pointers to documentation or an example would be welcome. I originally posted this question in the TechNet PowerShell Forum this afternoon, but someone recommended I copy it to the TechNet Group Policy Forum.
Jeffrey - New Orleans MCITP Enterprise Administrator, Virtualization Administrator

Hi Jeffrey,
>>One can manually modify this setting using the Group Policy Management console GUI on the domain controller, but I am trying to upgrade my professional work habits to use stored scripts, rather than unrecorded point & clicks, so that my actions are repeatable and documented.
Before going further, although you have expressed that you don't want to use GPMC GUI to configure the audit setting, in fact, it's an easy and comparatively handy method to set the setting. Besides, based on the description, you want to use PowerShell to do this. However, as far as I know, PowerShell can configure registry-based policy settings and Group Policy Preferences Registry settings, but audit policy security settings are not registry keys.
Nonetheless, if we really don't want to use GPMC console to do this, we can use Auditpol.exe to set the audit setting.
Regarding this point, the following article can be referred to for more information.
Auditpol
https://technet.microsoft.com/en-in/library/cc731451.aspx
Auditpol set
https://technet.microsoft.com/en-in/library/cc755264.aspx
In addition, regarding Group Policy Cmdlets in Windows PowerShell, the following article can be referred to for more information.
Group Policy Cmdlets in Windows PowerShell
https://technet.microsoft.com/en-us/library/ee461027.aspx
Best regards,
Frank Shen
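
The Auditpol route suggested in the answer above, wrapped in a PowerShell script so the change is recorded and verified. This is an added example, not code from either poster. It assumes the setting the question names corresponds to the auditpol category "Account Logon" on an English-language domain controller; the function name Get-AuditCategoryState and the one-hour polling window are illustrative choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run on the domain controller, elevated.
# Assumption: the GUI setting the question names corresponds to the auditpol
# category "Account Logon" on an English-language system.
$Category = 'Account Logon'
$Wanted   = 'Success and Failure'

function Get-AuditCategoryState {
    param([Parameter(Mandatory)][string]$Name)
    # "/r" makes auditpol emit CSV; blank lines are dropped before parsing.
    auditpol.exe /get /category:"$Name" /r |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv |
        Select-Object Subcategory, 'Inclusion Setting'
}

# 1. Record the state before the change so the script documents what it did.
$before = Get-AuditCategoryState -Name $Category

# 2. Enable Success and Failure auditing for every subcategory.
auditpol.exe /set /category:"$Category" /success:enable /failure:enable | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "auditpol /set failed with exit code $LASTEXITCODE"
}

# 3. Read the policy back and fail loudly if any subcategory was not changed.
$after   = Get-AuditCategoryState -Name $Category
$missing = $after | Where-Object { $_.'Inclusion Setting' -ne $Wanted }
if ($missing) {
    throw "Not set to '$Wanted': $($missing.Subcategory -join ', ')"
}

# 4. Show before/after side by side for the change record.
foreach ($row in $after) {
    $old = $before | Where-Object Subcategory -eq $row.Subcategory
    [pscustomobject]@{
        Subcategory = $row.Subcategory
        Before      = $old.'Inclusion Setting'
        After       = $row.'Inclusion Setting'
    }
}

# 5. Poll only this domain controller: 4768 (Kerberos TGT request),
#    4771 (Kerberos pre-authentication failed), 4776 (NTLM credential validation).
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4771, 4776; StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

auditpol changes the policy of the computer it runs on rather than the GPO, so a GPO that defines audit settings can replace these values at the next policy refresh.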

Similar Messages

  • How do I configure a user account to have 'logon as a service' permissions?

    How do I configure a user account to have ‘logon as a service’ permissions?
    This is for CRM application use and need to enable permission via GPO
    Microsoft TechNet Forum Bandara

    Hi,
    It seems that you know the group policy “Log on as a service” can achieve your goal, so I would like to confirm what you want to ask.
    If you do not know the path of the group policy “Log on as a service” in the domain, you may expand Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a service in GPMC.
    Regards,

  • How do I run a user account from an external HD?

    How do I run a user account from an external HD? I will be away from my desktop iMac and want to use our MacBook Pro overseas for two months with my iMac user account copied to an external drive.

    1. WARNING: This procedure is for advanced users only. Some third-party software may not work as expected, or may not work at all, if the home folder is moved.
    2. Back up all data.
    3. Copy your home folder to the desired location, which must be on a volume of type "Mac OS Extended (Journaled)" with file ownership enabled, as shown in the Finder Info dialog. Encryption is optional. The volume must be on a local storage device, not on the network, and it must be mounted automatically at startup — before any user logs in. A disk image will not work.
    The name of your home folder is your short user name. Do not rename it. Do not copy the "Users" folder.
    5. Select ▹ System Preferences ▹ Users & Groups
    Click the lock icon and authenticate. Right-click or control-click your name in the account list, and select Advanced options from the popup menu. In the sheet that opens, change the location of the home directory. Log out and log back in.
    6. Test. If you have problems, reverse the above steps. If you got this far, you should have no trouble doing that. If everything works as you expect, delete the original home folder.

  • How do I delete a user account to regain the space on my HD?

    How do I delete a user account I am not using to regain the space on the HD?

    System Preferences - Accounts - choose account in the left panel and click the "-" button to delete. You'll want to choose "Delete immediately" to save the space (the "Save in disk image" option will keep the files in an image in your Users folder, which saves you no space).
    Matt

  • How to create a new user account?

    Hi,
    Could you point me to the document/manual on
    how to create a new user account for OS X 10.4?
    I somehow couldn't find that from Apple web site.
    And I found one here:
    http://www.mcelhearn.com/article.php?story=2004110211244242
    and followed the instruction:
    # echo 'henry::512:512::0:0:Henry James:/Users/henry:/bin/bash' | sudo niload -v passwd /
    but nothing happened. Either this doesn't work with
    V10.4 (which I use), or I missed something.
    Any pointer would be much appreciated.
    Thanks.
    Macbook Pro   Mac OS X (10.4)  

    Hi Allan and Simon,
    Thanks for your responses.
    Sorry I didn't make my question clear. I meant:
    "How to create a new user account with command line"?
    The GUI (System Preference) would work. But I'd like
    to know how to do it from command line (just like on Unix).
    Any inputs would be appreciated.
    Thank you.
    Macbook Pro Mac OS X (10.4)

  • How do i combine two user accounts into one

    how do i combine two user accounts into one

    Drag one account's home folder from the Users folder to the other account's desktop, provide your administrator password, and then move your files from it.

  • How do I enable root user in OS X 10.7 Lion?

    How do I enable root user within Lion? I've looked online, and I've been instructed to launch the 'Director Utility', but I cannot find this ANYWHERE in Lion. It's not in my Utilities folder. Can anyone offer any advice as to how to enable the root login? Thanks.

    EDIT: Problem solved! For anyone looking for this file, it's located in System/Library/CoreServices.

  • Just got a mac air and started using it. after getting it set up i migrated files from my old pc.  i did not realize that the files migrated to a different user account.  how do i delete this user account and not lose the migrated files which i need

    I just got a mac air and set it up and started using it. After getting familiar with it I migrated my files from my old pc. I did not realise that the files migrated to a new user account. How do I delete this user account but not lose the migrated files?

    Mac 101: File Sharing
    Mac OS X 10.7 Help: Transfer files between two Mac computers
    Mac OS X 10.7 Help: Set up a Windows computer to share files with Mac users
    Mac OS X 10.7 Help: Use iDisk to share files
    Mac OS X: Sharing your files with non-Apple computers
    How to share a Mac's files with a PC and vice versa.

  • How do you move a user account to a different drive?

    I recently bought a Mac Pro and installed a second hard drive. The plan is to have the boot drive contain the operating system and program files and have all user accounts and documents on the second drive.
    How do I move my user account (which is currently on the boot drive) to my secondary drive?

    This used to be done using NetInfo Manager, but that's not part of Leopard. I assume you're running Leopard since you've just bought the Mac Pro.
    In Leopard, location of home directory is controlled by System Preferences -> Accounts. Select the user in the list and control-click to bring up "Advanced Options..."
    Choose the directory on your second drive which corresponds to the one in "Users" that you copied. Don't change any of the other things.
    By the way, it's always a good idea to have an extra admin account with home directory on the boot drive. That way, if something goes wrong with your second drive, you can still log in. As the admin, you can correct problems with your "primary" or "main" account.

  • How do i merge my user accounts after migration assistant

    Hello,
    How do I merge my user accounts after migration assistant from a time machine back up?

    I wonder how to plan what account and rights to have where?
    I had my old original account on my iMac, and then I "migrated" the data to a user account, in order to have some advantages with that setup. So everything worked approximately ok in this setup.
    And yesterday, I tried migrating to a new Mac, and suddenly I get aware of the fact that the rights on these two earlier accounts were important.
    And especially, after doing the migration to the new machine twice, until I got the Mail working, I am now totally bewildered what solution to aim for? How to merge the two migrated admin accounts - keeping the original admin account is also important, since my file system has special rights for that one.
    Could anyone give me more ideas about how to proceed? I think I have working Mail on one of the two migrated account (with 100 000 mails or so, it seems so...). The other account is the one I would like to have.
    Also I think I want to use a normal user account, not an admin account for my daily use. And I have to see if things still work if I turn off the admin rights...
    Thankful for any advice!
    /groundliner

  • How do I remove an iCloud account without using password?

    How do I remove an iCloud account without using password?

    There is no way if Find my iPhone is turned on. You must know the Apple ID and password. This is Activation Lock, an antitheft feature of iOS 7. See: http://support.apple.com/kb/HT5818

  • HT203052 How do I delete an icloud account which uses an email account no longer in use - I do not have the password for this account

    How do I delete an icloud account which uses an email account no longer in use - I do not have the password for this account

    You will need the password. If you can't get it reset via http://iforgot.apple.com (if you remember the answers to the account's security questions then you should be able to reset it via them) then try contacting Support in your country, they should be able to reset it.
    Contacting Apple about account security : http://support.apple.com/kb/HT569
    If your country isn't on that page then try this form and explain and see what they reply with : https://ssl.apple.com/emea/support/itunes/contact.html

  • Creating user in AD using powershell

    Hi,
    How to create ad user in opalis using powershell?

    Hi,
    The best way is to take the "Run .Net Activity" and put your PowerShell script in there.
    Example Script
    new-aduser $LoginName -GivenName $FirstNameField -Surname $LastnameField -DisplayName $Displayname -UserPrincipalName "$[email protected]" -ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString -AsPlainText "password1password_1" -Force) -Path "OU=$OU,OU=User,OU=Company,DC=domain,DC=com" -Company $Company -Department $Department -enabled $true -EmployeeNumber $EmployeeNumber -Description $EmployeeNumber -EmailAddress $SMTPAdresse -Division $Division
    Seidl Michael | http://www.techguy.at |
    twitter.com/techguyat | facebook.com/techguyat

  • Not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365

    not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365?
    Any idea?

    After a few days of testing in my lab, I can see that only email-enabled groups can be added as site collection admin using PowerShell.
    Hope this helps anyone who is stuck like me!! :-)

  • How can I define a name in Excel using Powershell?

    I know how to reference existing names using the RANGE function but how can I create a new defined name using Powershell?
    My specific case involves defining a name for a single cell with a workbook scope.  Just as if you were to right-click a cell in Excel and choose Define Name.
    The closest I've gotten is the NAMES object for the workbook but when I "gm" that all I see is a method for delete - nothing for adding.
    $xlsx = "c:\Sample.xlsx"
    $excel = new-object -comobject Excel.Application
    $xlb = $excel.Workbooks.Open($xlsx)
    $xlb.names | gm

    In Excel a Range has a name.  You can create a range and name it.  "Names" is just a list of the names that have been defined.
    So what is it that you are asking?  If your spreadsheet has names this will find them for you.
    Try this:
    $xlb.names|select name
    $r=$xlb.sheets.item(1).UsedRange
    $r.Name='all'
    # now do this again
    $xlb.names|select name
    So now you know everything about "names" or, as us old pros say "named ranges" like in the old  west.
    ¯\_(ツ)_/¯
