Since I stumbled upon the need to make changes to the audit policy today, I would like to suggest the following:
To easily and quickly import configuration changes, one should insert the command "auditpol /clear /y" before the actual definitions are made. This will reset all previous policies and then you can initiate again.
Extract from the code
:: ...
:: Configure Security log
:: Note: subcategory IDs are used instead of the names in order to work in any OS language.
:: Clear
:: Before configuring (new) audit policies we reset them to default values
auditpol /clear /y
:: Account Logon
:: ...
At least, it does no harm. ;-)
Best regards,
Lasse
Hi @LasseKrache
Thanks again for the suggestion! Let me think about this a little bit.
I want to improve the log settings but keep any settings I don't cover to whatever they were set to before.
(I don't want people to get mad that their settings were reset to something worse.)
I might add this in as a comment for people to comment out if they want to reset settings and make sure that all systems have the same settings.
Of course, this is just a suggestion and it's up to you to insert it or not.
From my understanding, it does no harm and only ensures that the settings made in the script afterwards are really the only ones that will be implemented in the end. If I wanted to use additional settings on my systems, I would build them into your script, too, and not use different methods. But this is only my understanding of such scripts/tools.
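One way to reconcile the two positions in this thread, as an added example that is not part of the project's script: export the current policy with `auditpol /backup` before running `auditpol /clear /y`, so settings the script does not cover can be brought back with `auditpol /restore`. The `RESET_AUDIT_POLICY` switch, the backup directory and the file name are assumptions made for illustration.

```batch
@echo off
setlocal
:: Added example, not the project's own code. Run from an elevated prompt.
:: RESET_AUDIT_POLICY, BACKUP_DIR and BACKUP_FILE are hypothetical names.
:: Set RESET_AUDIT_POLICY to 0 to keep whatever was configured before.
set "RESET_AUDIT_POLICY=1"
set "BACKUP_DIR=%ProgramData%\AuditPolicyBackup"
set "BACKUP_FILE=%BACKUP_DIR%\auditpol-before-reset.csv"

if not "%RESET_AUDIT_POLICY%"=="1" goto :configure

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

:: Keep the first snapshot as the baseline: later runs must not replace it
:: with a policy that this script has already modified.
if exist "%BACKUP_FILE%" goto :clear

:: Export the complete current audit policy to a CSV file.
auditpol /backup /file:"%BACKUP_FILE%"
if errorlevel 1 (
    echo Backup failed, leaving the existing audit policy untouched.
    exit /b 1
)

:clear
:: Reset all audit policies to their cleared state without prompting.
auditpol /clear /y
if errorlevel 1 (
    echo auditpol /clear failed, stopping before any definitions are applied.
    exit /b 1
)

:configure
:: ... the script's own audit policy definitions follow here ...

:: Roll back to the pre-reset policy if a setting outside the script is missed:
::   auditpol /restore /file:"%BACKUP_FILE%"
endlocal
```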