Forum Change auditor does not register events when running powershell scripts on servers

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 21 subscribers
Views 3546 views
Users 0 members are here

Options

Related

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change auditor does not register events when running powershell scripts on servers

gsoto over 5 years ago

When executing powershell or invoke-command scripts the Change Auditor does not record anything

Parents

0 Aidar.Karabalaev over 5 years ago

I would look at it this way. The story is complex and we need to consider the whole picture with following points of control:

#1. Right to execute the script/ACL/permissions layer: Local Admin, OS rights (Logon as Batch Job, As Service) - controlled by GPO

#2. Log the execution actions on Server: Events (Logon as Batch Job, As Service), TS Logon, Interactive Logon.

#2.1 Log access on Resources: File Access on Share by the script, other servers$ shares etc...
Cancel
Up 0 Down

Cancel

Reply

0 Aidar.Karabalaev over 5 years ago

I would look at it this way. The story is complex and we need to consider the whole picture with following points of control:

#1. Right to execute the script/ACL/permissions layer: Local Admin, OS rights (Logon as Batch Job, As Service) - controlled by GPO

#2. Log the execution actions on Server: Events (Logon as Batch Job, As Service), TS Logon, Interactive Logon.

#2.1 Log access on Resources: File Access on Share by the script, other servers$ shares etc...
Cancel
Up 0 Down

Cancel

Children

No Data