AuditBuddy is a PowerShell Cmdlet used to manage Windows Audit settings.
AuditBuddy also includes a .NET library used by the cmdlet that can be used in any .NET application.
The module can be installed directly from the PSGallery using:
Install-Module -Name AuditBuddy
- Advanced Audit Policy Settings Documentation
- Legacy Audit Policy Settings Documentation
- Audit Policy Recommendations
Please feel free to file issues through GitHub for bugs and feature requests and we'll respond to them as quickly as we're able.
Get-AuditPolicy [[-Category] {System | Logon | Object Access | Privilege Use | Detailed Tracking | Policy Change |
Account Management | Directory Service Access | Account Logon}] [<CommonParameters>]
Get legacy Audit policy settings.
Gets the legacy Audit policies
Get-AuditPolicy
Gets the Audit policy for Object Access
Get-AuditPolicy -Category 'Object Access'
Get-AuditPolicyCategories [<CommonParameters>]
Get legacy Audit policy categories.
Gets the legacy Audit policy categories
Get-AuditPolicyCategories
Set-AuditPolicy [-CategoryName] {System | Logon | ObjectAccess | PrivilegeUse | DetailedTracking | PolicyChange |
AccountManagement | DirectoryServiceAccess | AccountLogon} [-Setting] {None | Success | Failure | Both}
[<CommonParameters>]
Set-AuditPolicy [-Policy] <AuditPolicy[]> [-Setting] {None | Success | Failure | Both} [<CommonParameters>]
Set legacy Audit policy settings.
Enables Success auditing on the Object Access legacy audit policy
Set-AuditPolicy -CategoryName 'ObjectAccess' -Setting Success
Enables Success auditing on ObjectAccess and DetailedTracking legacy audit policies
'ObjectAccess','DetailedTracking' | Set-AuditPolicy -Setting Success
Enables Success and Failure auditing on all legacy audit policies
Get-AuditPolicy | Set-AuditPolicy -Setting Both
Get-AdvancedAuditPolicy [-CategoryName {System | Logon/Logoff | Object Access | Privilege Use | Detailed Tracking
| Policy Change | Account Management | DS Access | Account Logon}] [<CommonParameters>]
Get-AdvancedAuditPolicy [-SubCategoryName <string>] [<CommonParameters>]
Get-AdvancedAuditPolicy [-SubCategory <AdvancedAuditSubCategory[]>] [<CommonParameters>]
Get Advanced Audit policy settings
Gets all of the Advanced Audit policy settings
Get-AdvancedAuditPolicy
Gets only the Object Access related audit policy settings
Get-AdvancedAuditPolicy -Category 'Object Access'
Gets only the Object Access related audit policy settings, by piping the Object Access subcategories into Get-AdvancedAuditPolicy
Get-AdvancedAuditPolicySubCategories -Category 'Object Access' | Get-AdvancedAuditPolicy
Gets only the File System SubCategory audit policy settings
Get-AdvancedAuditPolicy -SubCategoryName 'File System'
Get-AdvancedAuditPolicyCategories [<CommonParameters>]
Get Advanced Audit policy categories.
Gets the Advanced Audit categories
Get-AdvancedAuditPolicyCategories
Get-AdvancedAuditPolicySubCategories [<CommonParameters>]
Gets the Advanced Audit categories and subcategories.
Gets the Advanced Audit categories and subcategories
Get-AdvancedAuditPolicySubCategories
Gets the Advanced Audit subcategories for Object Access
Get-AdvancedAuditPolicySubCategories -Category 'Object Access'
Set-AdvancedAuditPolicy [-CategoryName] {System | Logon/Logoff | Object Access | Privilege Use | Detailed Tracking
| Policy Change | Account Management | DS Access | Account Logon} [-Setting] {None | Success | Failure | Both}
[<CommonParameters>]
Set-AdvancedAuditPolicy [-SubCategoryName] <string[]> [-Setting] {None | Success | Failure | Both}
[<CommonParameters>]
Set-AdvancedAuditPolicy [-Policy] <AdvancedAuditPolicy[]> [-Setting] {None | Success | Failure | Both}
[<CommonParameters>]
Set Advanced Audit policy settings
Enables Success auditing on the Object Access advanced audit policy category
Set-AdvancedAuditPolicy -CategoryName 'Object Access' -Setting Success
Enables Success auditing on the File System subcategory of Object Access
Set-AdvancedAuditPolicy -SubCategoryName 'File System' -Setting Success
Enables Success and Failure auditing on all advanced audit policies
Get-AdvancedAuditPolicy | Set-AdvancedAuditPolicy -Setting Both
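The following script is an added example, not part of the AuditBuddy project: it applies a small advanced audit baseline with the cmdlets documented above and reads each setting back, cross-checking against the built-in auditpol.exe. The baseline values are constructed for illustration and are not a recommendation; the subcategory names are assumed to be the standard English Windows names.

```powershell
Import-Module AuditBuddy -ErrorAction Stop

# Constructed baseline for illustration: subcategory name -> desired setting.
# Replace the values with those from your own audit policy recommendations.
$baseline = [ordered]@{
    'File System'         = 'Failure'
    'Process Creation'    = 'Success'
    'Logon'               = 'Both'
    'Logoff'              = 'Success'
    'Audit Policy Change' = 'Both'
}

# Changing audit policy requires an elevated session, so fail early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# -SubCategoryName accepts string[], so group the names by their desired
# setting and make one Set-AdvancedAuditPolicy call per setting.
$baseline.GetEnumerator() |
    Group-Object -Property Value |
    ForEach-Object {
        $names = @($_.Group | ForEach-Object { $_.Key })
        Set-AdvancedAuditPolicy -SubCategoryName $names -Setting $_.Name -ErrorAction Stop
    }

# Read each subcategory back through the module, then cross-check the
# effective setting with the built-in auditpol.exe tool.
foreach ($name in $baseline.Keys) {
    Get-AdvancedAuditPolicy -SubCategoryName $name
    auditpol.exe /get /subcategory:"$name"
}
```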
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos is subject to those third parties’ policies.