change security access right and max evt/sec to forward #60

Open: wants to merge 1 commit into base: master
20 changes: 8 additions & 12 deletions group-policy-objects/README.md
Expand Up @@ -26,10 +26,6 @@ Set the following setting **Computer Configuration -> Policies -> Windows Settin
* **Network security: Restrict NTLM: Audit NTLM authentication in this domain**: Enable all
* **Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers**: Audit all

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups** to the following:

* **BUILTIN\Event Log Readers:** NT AUTHORITY\NETWORK SERVICE

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services** to the following:

* **Windows Remote Management (WS-Management)**: Startup Mode: Automatic
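
Review bot: Removing the Restricted Groups block (**BUILTIN\Event Log Readers:** NT AUTHORITY\NETWORK SERVICE) takes away the group-based read access for NETWORK SERVICE, while the replacement added later in this patch is an ACE on a single log. Please state in the README which channels the forwarder is expected to read after this change, and add a migration line for hosts that already applied the old GPO, since dropping the setting from the document does not tell an operator whether NETWORK SERVICE should also be taken back out of the group.
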
Expand Down Expand Up @@ -93,6 +89,8 @@ Set the following setting **Computer Configuration -> Administrative Templates -
* **Back up log automatically when full:** Disabled
* **Control Event Log behavior when log file reaches its maximum size**: Disabled
* **Specify the maximum log file size (KB)**: 4194304
* **Configure log access**: Enable
* **Log Access**: O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;NS)

Set the following setting **Computer Configuration -> Administrative Templates -> Windows Components -> Event Log Service -> System** to the following:

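Review bot: The **Log Access** value is an unexplained SDDL string, and the line above it uses `Enable` where the neighbouring settings use `Enabled` or `Disabled`. Suggest a short breakdown next to it: `(A;;0x1;;;NS)` is the new read-only ACE for NETWORK SERVICE, `(A;;0x1;;;S-1-5-32-573)` keeps read for Event Log Readers, `(A;;0x5;;;BA)` gives Administrators read and clear, and the first ACE is for SYSTEM. Because this policy sets the whole descriptor for the log, it is also worth saying that any principal not listed in the string loses access.
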
Expand Down Expand Up @@ -153,10 +151,6 @@ Set the following setting **Computer Configuration -> Policies -> Windows Settin

* **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings**: Enabled

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups** to the following:

* **BUILTIN\Event Log Readers:** NT AUTHORITY\NETWORK SERVICE

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services** to the following:

* **Windows Remote Management (WS-Management)**: Startup Mode: Automatic
Expand Down Expand Up @@ -211,6 +205,8 @@ Set the following setting **Computer Configuration -> Administrative Templates -
* **Back up log automatically when full:** Disabled
* **Control Event Log behavior when log file reaches its maximum size**: Disabled
* **Specify the maximum log file size (KB)**: 4194304
* **Configure log access**: Enable
* **Log Access**: O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;NS)

Set the following setting **Computer Configuration -> Administrative Templates -> Windows Components -> Event Log Service -> System** to the following:

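Review bot: This is the second verbatim copy of the **Log Access** descriptor in the README, and a third follows in the next section. An ACL repeated by hand in three places is easy to update in one and miss in the others; consider defining the string once and referring to it from each section, or at least noting that the three values must stay identical.
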
Expand Down Expand Up @@ -271,10 +267,6 @@ Set the following setting **Computer Configuration -> Policies -> Windows Settin

* **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings**: Enabled

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups** to the following:

* **BUILTIN\Event Log Readers:** NT AUTHORITY\NETWORK SERVICE

Set the following setting **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services** to the following:

* **Windows Remote Management (WS-Management)**: Startup Mode: Automatic
Expand Down Expand Up @@ -327,6 +319,8 @@ Set the following setting **Computer Configuration -> Administrative Templates -
* **Back up log automatically when full:** Disabled
* **Control Event Log behavior when log file reaches its maximum size**: Disabled
* **Specify the maximum log file size (KB)**: 4194304
* **Configure log access**: Enable
* **Log Access**: O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;NS)

Set the following setting **Computer Configuration -> Administrative Templates -> Windows Components -> Event Log Service -> System** to the following:

Expand Down Expand Up @@ -426,3 +420,5 @@ Set the following setting **Computer Configuration -> Policies -> Administrative

* **Configure target Subscription Manager**: Enabled
* **SubscriptionManagers**: Server=http://SERVERNAME:5985/wsman/SubscriptionManager/WEC
* **Configure forwarder ressource usage**: Enable
* **The maximum forwarding rate (events/sec) allowed for the forwarder**: 1000
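
Review bot: `Configure forwarder ressource usage` is misspelled (`resource`), and it is set to `Enable` while **Configure target Subscription Manager** two lines up is `Enabled`. The value 1000 events/sec is also given without rationale; please add a sentence on how the limit was chosen and what an operator should expect when a source generates events faster than that, so the cap is not read as a guarantee that nothing is delayed.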