Channel: Jay Connor – HappySCCM

KB3004375 - Command-line Auditing


iexeplore happysccm.com

Have you enabled this?

It logs the command line of every process launched to the Security event log, under event ID 4688.

To enable it, you first need to deploy update KB3004375 to support Windows 7 devices, then enable the following group policies:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit process tracking

Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Configuration\Detailed Tracking\Audit Process Creation

Administrative Templates\System\Audit Process Creation\Include command line in process creation events

I'm sure this will be useful.
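
One way to confirm the settings above have taken effect and to read the resulting events, as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on an English-language system; the 50-event limit is an arbitrary choice.

```powershell
# Added example: check that command-line auditing is active, then read 4688 events.
# Run elevated: reading the Security log requires administrative rights.

# 1. The "Include command line in process creation events" policy sets this value to 1.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$val = (Get-ItemProperty -Path $key -Name ProcessCreationIncludeCmdLine_Enabled `
        -ErrorAction SilentlyContinue).ProcessCreationIncludeCmdLine_Enabled
if ($val -ne 1) {
    Write-Warning 'Command line inclusion policy is not enabled on this machine.'
}

# 2. Show whether the Process Creation subcategory is audited.
#    The subcategory name is localized; this form works on English systems.
auditpol /get /subcategory:"Process Creation"

# 3. Read recent 4688 events and pull fields out of the event XML by name,
#    which is more robust than relying on property positions.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
          -MaxEvents 50 -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $data['SubjectUserName']
        Process     = $data['NewProcessName']
        # Empty when the policy (or KB3004375 on Windows 7) was not in place
        # at the time the event was logged.
        CommandLine = $data['CommandLine']
    }
}

$rows | Format-Table -AutoSize -Wrap

# Events still missing a command line point to machines where the policy has not applied.
$missing = @($rows | Where-Object { -not $_.CommandLine }).Count
Write-Output "$missing of $(@($rows).Count) events have no command line recorded."
```

Command lines can contain passwords and other secrets passed as arguments, so access to the Security log on audited machines should be restricted accordingly.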
