Ping a Specific Port

Question

Joe

Asked: 2019-05-25 07:07:33 +0800 CST2019-05-25 07:07:33 +0800 CST 2019-05-25 07:07:33 +0800 CST

Command to Get Security Audit settings

772

Im looking to retrieve the Security audit configuration on a domain joined PC which has audit settings applied Via a domain GPO, but im getting - what seems to be - conflicting results. If i run an RSOP, i see the aduting settings, but Auditpol /get /category:"Logon/Logoff" shows No Auditing. Likewise the local security policy UI, or an secedit export all show No Auditing (AuditLogonEvents = 0). See screenshot below. I know there's a legacy and advanced version of auditing which could be determined by the SCENoApplyLegacyAuditPolicy reg key under HKLM\System\CurrentControlSet\Control\LSA but i dont see the key at all on this machine in question. How could i accurately fetch the auditing settings under any scenario?

1 Answers

Voted

Greg Askew · Answer 1 · 2019-05-25T09:32:53+08:00

Greg Askew

2019-05-25T09:32:53+08:002019-05-25T09:32:53+08:00

Auditpol is for Advanced Audit Policy settings.

The policy settings configured in the screenshot are legacy audit policy settings. To view those use:

secedit /export /areas SECURITYPOLICY /cfg Filename.txt

0

Command to Get Security Audit settings

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?