Managing Windows file system auditing is available through the following PowerShell commands:
Use this command to define a folder or file paths to audit.
Use this command to create a Windows file system auditing template.
Use this command to delete a Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. | |
The CAWindowsFSAuditTemplate object to remove. Obtain the template objects using the Get-CAWindowsFSAuditTemplates command and filter to select the object to remove. | |
Removes template without prompting for a confirmation. The default is false. |
Remove-CAWindowsFSAuditTemplate -Connection $connection -Template $removeTemplate
Use this command to edit an existing Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSAuditTemplates -Connection $connection
Use this command to get a list of all available Windows File System auditing event classes.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSEventClassInfo -Connection $connection
A connection obtained by using the Connect-CAClient command. | |
Use this command to specify a filter for the SQL Extended Events to audit when creating templates.
The available event and filter information obtained using the Get-CASQLExtendedEventsInfo command. | |
The operator to be used for comparison. See the output obtained from the Get-CASQLExtendedEventsInfo command for available operators for the specified filter field. | |
Use this command to specify the SQL Extended Events to audit.
The available event and filter information obtained using thee Get-CASQLExtendedEventsInfo command. | |
Use this command to create SQL Extended Events auditing templates.
A connection obtained by using the Connect-CAClient command. | |
The list of events to audit using New-CASQLExtendedEventsObject. | |
A list of event filters using New-CASQLExtendedEventsFilter. | |
An agent object obtained using the Get-CAAgents command. If not specified, it will expect an agent installed on the SQL server to be audited. The agent is used for SQL Extended Events session management and event auditing. |
Use this command to see all the SQL Extended Events templates that have been created.
A connection obtained by using the Connect-CAClient command. |
Get-CASqlExtendedEventsTemplates -Connection $connection
Get-CASqlExtendedEventsTemplates -Connection $connection | Filter.Where(_$.name = "MyTemplate")
Use this command to delete a specified SQL Extended Events template.
The template object obtained using Get-CASQLExtendedEventsTemplates. |
Remove-CASQLExtendedEventsTemplate -Connection $connection -Template $template
NOTE: When you delete a template (see Remove-CAAgentTemplate), the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal. If you do not have the portal, see https://technet.microsoft.com/en-us/library/dn832618.aspx for instructions. |
Use this command to create a template for auditing Azure Active Directory.
$connection = Connect-CAClient –InstallationName ‘Default'
The following permissions must be assigned to the Azure web application:
Once the required permissions are applied, click Grant admin consent for… and confirm with Yes.
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
Specifies whether auditing is enabled or disabled for Azure Active Directory. |
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
A template object obtained by the Get-CAAzureADTemplates command. | |||
Specifies that you want to create a new Azure web application. The Azure Active Directory sign-in page opens automatically.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
| |||
Set-CAAzureADTemplate -Connection $connection -Template $template -SignIns $True
-AuditLogs $True
Use this command to see all the Azure Active Directory templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
Get-CAAzureADTemplates -Connection $connection
NOTE: When you delete a template (see Remove-CAAgentTemplate), the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal. If you do not have the portal, see https://technet.microsoft.com/en-us/library/dn832618.aspx for instructions. |
An agent obtained by using the Get-CAAgents command.
| |||
A connection obtained by using the Connect-CAClient command. | |||
Specifies that you want to create a new Azure web application. The Azure Active Directory sign-in page opens automatically.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
| |||
The filename of an exported X509 certificate with private key. | |||
Specifies whether the auditing template is enabled or disabled. | |||
Specifies whether Exchange Online auditing is enabled or disabled. | |||
Specifies whether OneDrive for Business auditing is enabled or disabled. | |||
Specifies whether SharePoint Online auditing is enabled or disabled. | |||
An agent object obtained by using the Get-CAAgents command.
| |||
A connection obtained by using the Connect-CAClient command. | |||
The filename of an exported X509 certificate with private key. | |||
Specifies whether the auditing template is enabled or disabled. | |||
Specifies whether Exchange Online auditing is enabled or disabled. | |||
Specifies whether OneDrive for Business auditing is enabled or disabled. | |||
Specifies whether SharePoint Online auditing is enabled or disabled. | |||
A connection obtained by using the Connect-CAClient command. | |||
A template object obtained by using the Get-CAO365Templates command. | |||
Specifies that you want to create a new Azure web application. The Azure Active Directory sign-in page opens automatically.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
| |||
An agent object obtained by using the Get-CAAgents command.
| |||
Specifies whether to audit all Exchange Online mailboxes accessed by non-owners. | |||
The filename of an exported X509 certificate with private key. | |||
Specifies whether Exchange Online auditing is enabled or disabled. | |||
Specifies whether OneDrive for Business auditing is enabled or disabled. | |||
Specifies whether SharePoint Online auditing is enabled or disabled. | |||
Set-CAO365Template -Connection $connection -Template $template
-AuditOrganization $true
Set-CAO365Template -Connection $connection -Template $template -AgentInfo $agent
Use this command to see all the Office 365 templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
Get-CAO365Templates -Connection $connection
A connection obtained by using the Connect-CAClient command. | |
The Office 365 tenant that is used for auditing. For example, yourTenantName.onmicrosoft.com. |
Remove-CAO365Template -Connection $connection -Tenant $tenant
A connection obtained by using the Connect-CAClient command. | |
The Office 365 tenant that is used for auditing. For example, yourTenantName.onmicrosoft.com. | |
The number of objects to exclude from the list of returned objects, starting from the top. | |
Get-CAO365ExchangeMailboxes -Connection $connection -Tenant $tenant -SearchText "a"
A connection obtained by using the Connect-CAClient command. | |
A template object obtained by using the Get-CAO365Templates command. | |
Mailbox objects obtained by using the Get-CAO365ExchangeMailboxes command. | |
Use this command to remove mailboxes from an existing Office 365 Exchange Online template.
A connection obtained by using the Connect-CAClient command. | |
A template object obtained by using the Get-CAO365Templates command. | |
Mailbox objects obtained by using the Get-CAO365ExchangeMailboxes command. | |
A switch that indicates that all mailboxes will be removed from the template. |
Remove-CAO365ExchangeTemplateMailboxes -Connection $connection -Template $template –All
A connection obtained by using the Connect-CAClient command. | |
A template object obtained by using the Get-CAO365Templates command. | |
The number of objects to exclude from the list of returned objects, starting from the top. | |
Get-CAO365ExchangeTemplateMailboxes -Connection $connection -Template $template
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center