
Untitled

a guest
Jan 24th, 2017
Rekt Stack win10 Pro Logging VM Setup

1. Local Group Policy
computer configuration -> policies -> windows settings -> security settings -> local policies -> ENABLE ALL

2. Enable FORCE Advanced Audit
computer configuration -> policies -> security settings -> local policies -> security options

3. Increase Logs
WevtUtil sl "Windows PowerShell" /ms:256000100
WevtUtil sl "System" /ms:256000100
WevtUtil sl "Application" /ms:256000100

4. Enable Command line logging
Open a cmd prompt as administrator.
reg add "hklm\software\microsoft\windows\currentversion\policies\system\audit" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1

5. Add powershell profile
Open notepad as admin.
Paste:

$LogCommandHealthEvent = $true
$LogCommandLifecycleEvent = $true

Save in
c:\windows\system32\WindowsPowerShell\v1.0\
as
profile.ps1
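
Added example, not part of the original paste: a read-only PowerShell check that steps 3 to 5 took effect, followed by a dump of the effective audit policy for steps 1 and 2. It assumes an elevated prompt; the size threshold $minBytes is an assumed value set just below the paste's 256000100 bytes in case the stored size is rounded.

```powershell
# Added verification example. Read-only; run from an elevated PowerShell prompt.
$results = @()

# Step 3: maximum log sizes. $minBytes is an assumed threshold, slightly below
# the 256000100 bytes set with wevtutil, to tolerate rounding of the stored value.
$minBytes = 250000000
foreach ($name in 'Windows PowerShell', 'System', 'Application') {
    $log = Get-WinEvent -ListLog $name
    $results += [pscustomobject]@{
        Check  = "Max log size: $name"
        Actual = $log.MaximumSizeInBytes
        Pass   = $log.MaximumSizeInBytes -ge $minBytes
    }
}

# Step 4: command line captured in process creation events (Security log, ID 4688).
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$prop = Get-ItemProperty -Path $key -Name ProcessCreationIncludeCmdLine_Enabled -ErrorAction SilentlyContinue
$val  = $prop.ProcessCreationIncludeCmdLine_Enabled   # $null if the value is absent
$results += [pscustomobject]@{
    Check  = 'ProcessCreationIncludeCmdLine_Enabled'
    Actual = $val
    Pass   = $val -eq 1
}

# Step 5: the all-users profile sets both logging preference variables to $true.
$profilePath = Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\profile.ps1'
$text = if (Test-Path $profilePath) { Get-Content $profilePath -Raw } else { '' }
foreach ($var in 'LogCommandHealthEvent', 'LogCommandLifecycleEvent') {
    $pattern = '(?im)^\s*\$' + $var + '\s*=\s*\$true\b'
    $results += [pscustomobject]@{
        Check  = "profile.ps1 sets `$$var"
        Actual = Test-Path $profilePath
        Pass   = [bool]($text -match $pattern)
    }
}

$results | Format-Table -AutoSize

# Steps 1 and 2: list the effective audit policy per subcategory for manual review.
auditpol /get /category:*
```

Any row with Pass = False points at the step to redo. The profile only affects PowerShell sessions started after it was saved.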