Curated Examples
Review audit policy settings
Read Windows audit policy settings by category and by policy name.
This pattern is useful when you need to understand the current local audit policy state before making changes.
It is adapted from Examples/GetAuditPolicies.ps1.
Example
```powershell
Import-Module AuditPolicy

# Read the local audit policy grouped by category
$auditPolicies = Get-SystemAuditPolicy -Categories
$auditPolicies | Format-Table

# Inspect individual categories
$auditPolicies.AccountLogon | Format-Table
$auditPolicies.LogonLogoff | Format-Table
$auditPolicies.PolicyChange | Format-Table

# Narrow the output to a single policy
Get-SystemAuditPolicy -Policy 'Application Group Management'
```
What this demonstrates
- reading audit policy grouped by category
- narrowing the output to a single policy
- creating a quick review point before changes
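The review point can also be saved to disk and compared after a change. The following is an added example, not part of the AuditPolicy module or its Examples folder: it uses the built-in `auditpol.exe` CSV report instead of the module's cmdlets, and the function names and baseline path are hypothetical. It assumes an elevated prompt and the column names that `auditpol /r` emits on English-language Windows.

```powershell
# Added example: relies on the built-in auditpol.exe, not the AuditPolicy module.
# Assumptions: elevated prompt; English column names in the auditpol CSV report.
$baselinePath = Join-Path $env:TEMP 'auditpolicy-baseline.csv'   # hypothetical location

function Get-AuditPolicySnapshot {
    # "/r" makes auditpol emit CSV; drop blank lines before parsing.
    $csv = auditpol.exe /get /category:* /r | Where-Object { $_.Trim() }
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }
    $csv | ConvertFrom-Csv |
        Select-Object 'Subcategory', 'Subcategory GUID', 'Inclusion Setting'
}

function Compare-AuditPolicySnapshot {
    param([object[]]$Before, [object[]]$After)
    # Index the baseline by GUID so the comparison does not depend on row order.
    $old = @{}
    foreach ($row in $Before) { $old[$row.'Subcategory GUID'] = $row }
    foreach ($row in $After) {
        $prev = $old[$row.'Subcategory GUID']
        if (-not $prev) {
            # Subcategory present now but missing from the baseline.
            [pscustomobject]@{
                Subcategory = $row.Subcategory
                Before      = '(absent)'
                After       = $row.'Inclusion Setting'
            }
        } elseif ($prev.'Inclusion Setting' -ne $row.'Inclusion Setting') {
            # Setting changed, e.g. "Success and Failure" -> "No Auditing".
            [pscustomobject]@{
                Subcategory = $row.Subcategory
                Before      = $prev.'Inclusion Setting'
                After       = $row.'Inclusion Setting'
            }
        }
    }
}

# 1. Before making changes: record the review point.
Get-AuditPolicySnapshot | Export-Csv -Path $baselinePath -NoTypeInformation

# 2. After making changes: list every subcategory whose setting moved.
$changes = Compare-AuditPolicySnapshot -Before (Import-Csv $baselinePath) -After (Get-AuditPolicySnapshot)
if ($changes) { $changes | Format-Table -AutoSize } else { 'No audit policy changes since baseline.' }
```

A subcategory that moves to `No Auditing` between the two snapshots is the case to look at first, since events for it stop being written to the Security log.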