Enable requirements for Logon Duration Analysis

Version: 2.1.5
Creator Name: Marcel Calef
Date Created: 2019-05-01
Date Modified: 2020-07-19
Scripting language: BAT
Download Count: 74

This script improves logon measurements on a computer using the auditpol, wevtutil and reg commands, and completes the prerequisites for the Analyze Logon Duration Script. It additionally increases the size of the Group Policy and Print Service event logs so that the information is retained for a couple of hours after login.

Important note: This script modifies the audit policies on a computer and should be used with caution. If in doubt, consult with your IT Security team.
Tags: Logon Duration, auditpol

The Script

:: NAME: Enable requirements for Logon Duration Analysis
::   This script improves logon measurements on a computer using the auditpol,
::   wevtutil and reg commands and completes the prerequisites for the Analyze Logon Duration Script.
::   It additionally increases the size of the Group Policy and Print Service event logs
::   to retain the information for a couple of hours after login.
::   Important note: This script modifies the audit policies on a computer and should be used with caution.
::   If in doubt, consult with your IT Security team.
::
:: CREDIT:       Guy Leech, Trentent Tye 
:: PUBLISHED BY: Marcel Calef

:: Enable Command Line Auditing
:: The value must be a REG_DWORD; without /t, reg add would create it as REG_SZ
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1 /f

:: Enable Print Service logging, no retention, size 50MB
wevtutil sl Microsoft-Windows-PrintService/Operational /ms:52428800 /rt:false /ab:false /e:true

:: Enable Group Policy logging, no retention, size 50MB
wevtutil sl Microsoft-Windows-GroupPolicy/Operational /ms:52428800 /rt:false /ab:false /e:true

:: Enable Process Termination audit policy
Auditpol /set /subcategory:"Process Termination" /success:enable

:: Enable Process Creation audit policy
Auditpol /set /subcategory:"Process Creation" /success:enable

:: Enable Logon Audit policy
Auditpol /set /subcategory:"Logon" /success:enable
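
One way to confirm that the settings above took effect, as an added example that is not part of the original script. It assumes an elevated command prompt and English-language auditpol output, and the `FAIL` variable and `[ OK ]`/`[FAIL]` markers are this example's own.

```bat
@echo off
:: Added verification example; not part of the published script.
:: Assumes an elevated prompt and English-language auditpol output.
setlocal
set FAIL=0

:: 1. Command-line auditing: the value must exist as REG_DWORD 0x1.
::    A REG_SZ value with the same name would not match here.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled 2>nul | findstr /R /C:"REG_DWORD  *0x1$" >nul
if errorlevel 1 (
    echo [FAIL] ProcessCreationIncludeCmdLine_Enabled is not REG_DWORD 0x1
    set FAIL=1
) else (
    echo [ OK ] Command-line auditing value is set
)

:: 2. Audit subcategories: the Setting column must contain "Success"
::    (matches both "Success" and "Success and Failure").
for %%S in ("Process Creation" "Process Termination" "Logon") do (
    auditpol /get /subcategory:%%S 2>nul | findstr /C:"Success" >nul
    if errorlevel 1 (
        echo [FAIL] %%~S: success auditing is off
        set FAIL=1
    ) else (
        echo [ OK ] %%~S: success auditing is on
    )
)

:: 3. Event logs: must be enabled with the 50 MB size the script sets.
for %%L in ("Microsoft-Windows-PrintService/Operational" "Microsoft-Windows-GroupPolicy/Operational") do (
    wevtutil gl %%L 2>nul | findstr /B /C:"enabled: true" >nul
    if errorlevel 1 (
        echo [FAIL] %%~L is not enabled
        set FAIL=1
    )
    wevtutil gl %%L 2>nul | findstr /C:"maxSize: 52428800" >nul
    if errorlevel 1 (
        echo [FAIL] %%~L maxSize is not 52428800
        set FAIL=1
    ) else (
        echo [ OK ] %%~L maxSize is 52428800
    )
)

:: Exit code 0 means every check passed, 1 means at least one failed.
exit /b %FAIL%
```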