- 1 year ago
Windows Audit Policy/Registry Key Command Check To Only Apply On Domain Controllers
To check the Windows Audit Policy or registry key settings specifically on Domain Controllers, you can use the following command:
powershellGet-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name "AuditBaseObjects", "AuditDSAccess"
This PowerShell command retrieves the values of the AuditBaseObjects
and AuditDSAccess
registry keys under HKLM:\System\CurrentControlSet\Control\Lsa
. These registry keys are related to audit policies on Domain Controllers.
By running this command, you can view the current values of the specified audit policy settings on the local machine. Ensure that you run the command with administrative privileges to access the registry keys.
If you want to check the audit policy settings on remote Domain Controllers, you can use PowerShell remoting or tools like Invoke-Command
to execute the command on remote machines.
Please note that modifying the audit policy settings should be done with caution, as it may have security implications. Ensure that you have the necessary permissions and follow best practices when working with audit policies and modifying registry keys.