Windows 审核策略/注册表键命令检查仅适用于域控制器
[英]Windows Audit Policy/Registry Key Command Check To Only Apply On Domain Controllers
问题描述
I am trying to craft a command that would run against all of my Windows machines to check if the "Audit Distribution Group Management" audit policy setting is set to "Success and Failure".
我正在尝试制作一个可以针对我的所有 Windows 机器运行的命令,以检查“审核分发组管理”审核策略设置是否设置为“成功和失败”。 I would only like to apply this check to Domain Controller servers and for any other server type to echo out something like "NoCheckRequired", is this possible?我只想将此检查应用于域 Controller 服务器以及任何其他服务器类型以回显诸如“NoCheckRequired”之类的内容,这可能吗?
I tried to create an if-else statement on PowerShell for this, but it was not successful.为此,我尝试在 PowerShell 上创建 if-else 语句,但没有成功。
2 个解决方案
解决方案1
1 2021-06-10 11:00:06
Get-ADComputer -Filter 'primarygroupid -eq "516"'
Will filter the Domain controller将过滤域 controller
解决方案2
1 已采纳 2021-06-10 11:09:02
I tried to use the "wmic.exe ComputerSystem get DomainRole" command to find out the type of machine, values 4 / 5 mean DC server from my understanding, and using an IF statement, I tried to match those values and check if the group policy audit settings were set and for any other values returned other than 4 / 5
wmic.exe ComputerSystem get DomainRole outputs the property name on a separate line before outputting the actual value, so comparing to the number 4 (as an example) will not work. wmic.exe ComputerSystem get DomainRole在输出实际值之前将属性名称输出在单独的行上,因此与数字4 (作为示例)进行比较将不起作用。
Instead, use the Get-CimInstance cmdlet:相反,请使用Get-CimInstance cmdlet:
$CS = Get-CimInstance Win32_ComputerSystem
if($CS.DomainRole -in 4,5){
# We're on a Domain Controller
}
elseif($CS.DomainRole -in 1,3) {
# We're on a Domain member
}
else {
# We're on a workgroup machine
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.