I am trying to automate checking the audit settings on GPOs. In the GUI, to check one GPO, I'd open Group Policy Management Console, expand domains, the domain name, Group Policy Objects, select a GPO that I wanted to check, go to the delegation tab, choose advanced, advanced again on the setting window that opens, and finally select the Auditing tab. I want to add non-default settings here to all our GPOs and periodically check that those settings haven't been removed. I can query for GPOs with the "get-gpo" command, but that doesn't give me the information that I want. Any ideas how I could get the auditing information? I appreciate any help.
Active Directory – Check GPO Audit Settings via PowerShell
active-directoryauditpowershell
Related Topic
- Managing Advanced Security Settings Active Directory User Accounts
- Powershell – How to use PowerShell GPO cmdlets to set up file security
- Missing Account audit events on DC’s
- GPO shows applied under user settings, but contains only computer settings
- Owner/administrator doesn’t have permissions to change audit settings
Best Answer
You'll want to make use of the Active Directory PSDrive and the Get-Acl cmdlet. Specifically,
That should get you started. Here is some more information about the AD: PSDrive.