mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-19 16:57:23 +00:00
Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md
This commit is contained in:
Dario Woitasen
GitHub
parent
13f344cd83
commit
926c1470ee
@ -397,6 +397,17 @@ The following GPO snippet performs the following tasks:
|
||||
|
||||
|
||||
|
||||
The following table also contains the six actions to configure in the GPO:
|
||||
|
||||
| Program/Script | Arguments |
|
||||
|------------------------------------|----------------------------------------------------------------------------------------------------------|
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /e:true |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ms:102432768 |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:102432768 |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)" |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /e:true |
|
||||
| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /ms:52432896 |
|
||||
|
||||
## <a href="" id="bkmk-appendixd"></a>Appendix D - Minimum GPO for WEF Client configuration
|
||||
|
||||
Here are the minimum steps for WEF to operate:
|
||||
@ -655,4 +666,4 @@ You can get more info with the following links:
|
||||
- [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90))
|
||||
- [Event Query Schema](/windows/win32/wes/queryschema-schema)
|
||||
- [Windows Event Collector](/windows/win32/wec/windows-event-collector)
|
||||
- [4625(F): An account failed to log on](./auditing/event-4625.md)
|
||||
- [4625(F): An account failed to log on](./auditing/event-4625.md)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user