tricounty/tcse-deploy
2
0
Fork 0
Code

Added GroupPolicy and Files

Browse Source
This commit is contained in:
scarrington 2024-12-10 14:20:09 -06:00
parent e5a12146e3
commit e9ec26cb81
7 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
GroupPolicy/LGPO.exe Normal file
View File

Binary file not shown.

12
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/Backup.xml Normal file
View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation. All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
<GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-313387930-2272000091-2532780421-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[CONTOSO]]></NetBIOSDomainName><DnsDomainName><![CDATA[contoso.test]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@contoso.test]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-313387930-2272000091-2532780421-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[CONTOSO]]></NetBIOSDomainName><DnsDomainName><![CDATA[contoso.test]]></DnsDomainName><UPN><![CDATA[Domain Admins@contoso.test]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{FACCA114-6E57-4027-AB08-D891F66A4A24}]]></ID><Domain><![CDATA[contoso.test]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 9a eb ad 12 5b f8 6b 87 85 29 f7 96 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 9a eb ad 12 5b f8 6b 87 85 29 f7 96 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 9a eb ad 12 5b f8 6b 87 85 29 f7 96 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Win11_GPO]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[393222]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]]]></MachineExtensionGuids><UserExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}]]]></UserExtensionGuids><WMIFilter/></GroupPolicyCoreSettings>
<GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
<FSObjectFile bkp:Path="%GPO_USER_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\User\registry.pol" bkp:Location="DomainSysvol\GPO\User\registry.pol"/>
<FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Adm\*.*"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Microsoft" bkp:Location="DomainSysvol\GPO\Machine\Microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Microsoft\Windows NT" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT\Audit" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Microsoft\Windows NT\Audit" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT\Audit"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT\Audit\audit.csv" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Microsoft\Windows NT\Audit\audit.csv" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT\Audit\audit.csv"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT\SecEdit" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Microsoft\Windows NT\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\DC01.contoso.test\sysvol\contoso.test\Policies\{FACCA114-6E57-4027-AB08-D891F66A4A24}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
</GroupPolicyBackupScheme>

1
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/Bkupinfo.xml Normal file
View File

@ -0,0 +1 @@
<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{FACCA114-6E57-4027-AB08-D891F66A4A24}]]></GPOGuid><GPODomain><![CDATA[contoso.test]]></GPODomain><GPODomainGuid><![CDATA[{8d345ac4-636f-4d69-8650-335cb5d903a9}]]></GPODomainGuid><GPODomainController><![CDATA[DC01.contoso.test]]></GPODomainController><BackupTime><![CDATA[2024-12-10T19:40:51]]></BackupTime><ID><![CDATA[{07BDCD6A-3F72-473C-82B9-67BB69DBE54D}]]></ID><Comment><![CDATA[Backup GPO created by LGPO.exe]]></Comment><GPODisplayName><![CDATA[Win11_GPO]]></GPODisplayName></BackupInst>

64
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv Normal file
View File

@ -0,0 +1,64 @@
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
DESKTOP-M3CMQU3,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success and Failure,,3
DESKTOP-M3CMQU3,System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Other System Events,{0CCE9214-69AE-11D9-BED3-505054503030},Success and Failure,,3
DESKTOP-M3CMQU3,System,Group Membership,{0CCE9249-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,User / Device Claims,{0CCE9247-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Network Policy Server,{0CCE9243-69AE-11D9-BED3-505054503030},Success and Failure,,3
DESKTOP-M3CMQU3,System,Other Logon/Logoff Events,{0CCE921C-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,IPsec Quick Mode,{0CCE9219-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,,3
DESKTOP-M3CMQU3,System,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Central Policy Staging,{0CCE9246-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Removable Storage,{0CCE9245-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Other Object Access Events,{0CCE9227-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Filtering Platform Packet Drop,{0CCE9225-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,File Share,{0CCE9224-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Application Generated,{0CCE9222-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Certification Services,{0CCE9221-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,SAM,{0CCE9220-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Kernel Object,{0CCE921F-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Registry,{0CCE921E-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Other Privilege Use Events,{0CCE922A-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Non Sensitive Privilege Use,{0CCE9229-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,RPC Events,{0CCE922E-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Token Right Adjusted Events,{0CCE924A-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Process Termination,{0CCE922C-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Plug and Play Events,{0CCE9248-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,DPAPI Activity,{0CCE922D-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Other Policy Change Events,{0CCE9234-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Authentication Policy Change,{0CCE9230-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Filtering Platform Policy Change,{0CCE9233-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Authorization Policy Change,{0CCE9231-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,MPSSVC Rule-Level Policy Change,{0CCE9232-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Other Account Management Events,{0CCE923A-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Application Group Management,{0CCE9239-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Distribution Group Management,{0CCE9238-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success,,1
DESKTOP-M3CMQU3,System,Directory Service Replication,{0CCE923D-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Directory Service Access,{0CCE923B-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Detailed Directory Service Replication,{0CCE923E-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Directory Service Changes,{0CCE923C-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Other Account Logon Events,{0CCE9241-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Kerberos Service Ticket Operations,{0CCE9240-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,,0
DESKTOP-M3CMQU3,,Option:CrashOnAuditFail,,Disabled,,0
DESKTOP-M3CMQU3,,Option:FullPrivilegeAuditing,,Disabled,,0
DESKTOP-M3CMQU3,,Option:AuditBaseObjects,,Disabled,,0
DESKTOP-M3CMQU3,,Option:AuditBaseDirectories,,Disabled,,0
1 Machine Name Policy Target Subcategory Subcategory GUID Inclusion Setting Exclusion Setting Setting Value
2 DESKTOP-M3CMQU3 System IPsec Driver {0CCE9213-69AE-11D9-BED3-505054503030} No Auditing 0
3 DESKTOP-M3CMQU3 System System Integrity {0CCE9212-69AE-11D9-BED3-505054503030} Success and Failure 3
4 DESKTOP-M3CMQU3 System Security System Extension {0CCE9211-69AE-11D9-BED3-505054503030} No Auditing 0
5 DESKTOP-M3CMQU3 System Security State Change {0CCE9210-69AE-11D9-BED3-505054503030} Success 1
6 DESKTOP-M3CMQU3 System Other System Events {0CCE9214-69AE-11D9-BED3-505054503030} Success and Failure 3
7 DESKTOP-M3CMQU3 System Group Membership {0CCE9249-69AE-11D9-BED3-505054503030} No Auditing 0
8 DESKTOP-M3CMQU3 System User / Device Claims {0CCE9247-69AE-11D9-BED3-505054503030} No Auditing 0
9 DESKTOP-M3CMQU3 System Network Policy Server {0CCE9243-69AE-11D9-BED3-505054503030} Success and Failure 3
10 DESKTOP-M3CMQU3 System Other Logon/Logoff Events {0CCE921C-69AE-11D9-BED3-505054503030} No Auditing 0
11 DESKTOP-M3CMQU3 System Special Logon {0CCE921B-69AE-11D9-BED3-505054503030} Success 1
12 DESKTOP-M3CMQU3 System IPsec Extended Mode {0CCE921A-69AE-11D9-BED3-505054503030} No Auditing 0
13 DESKTOP-M3CMQU3 System IPsec Quick Mode {0CCE9219-69AE-11D9-BED3-505054503030} No Auditing 0
14 DESKTOP-M3CMQU3 System IPsec Main Mode {0CCE9218-69AE-11D9-BED3-505054503030} No Auditing 0
15 DESKTOP-M3CMQU3 System Account Lockout {0CCE9217-69AE-11D9-BED3-505054503030} Success 1
16 DESKTOP-M3CMQU3 System Logoff {0CCE9216-69AE-11D9-BED3-505054503030} Success 1
17 DESKTOP-M3CMQU3 System Logon {0CCE9215-69AE-11D9-BED3-505054503030} Success and Failure 3
18 DESKTOP-M3CMQU3 System Handle Manipulation {0CCE9223-69AE-11D9-BED3-505054503030} No Auditing 0
19 DESKTOP-M3CMQU3 System Central Policy Staging {0CCE9246-69AE-11D9-BED3-505054503030} No Auditing 0
20 DESKTOP-M3CMQU3 System Removable Storage {0CCE9245-69AE-11D9-BED3-505054503030} No Auditing 0
21 DESKTOP-M3CMQU3 System Detailed File Share {0CCE9244-69AE-11D9-BED3-505054503030} No Auditing 0
22 DESKTOP-M3CMQU3 System Other Object Access Events {0CCE9227-69AE-11D9-BED3-505054503030} No Auditing 0
23 DESKTOP-M3CMQU3 System Filtering Platform Connection {0CCE9226-69AE-11D9-BED3-505054503030} No Auditing 0
24 DESKTOP-M3CMQU3 System Filtering Platform Packet Drop {0CCE9225-69AE-11D9-BED3-505054503030} No Auditing 0
25 DESKTOP-M3CMQU3 System File Share {0CCE9224-69AE-11D9-BED3-505054503030} No Auditing 0
26 DESKTOP-M3CMQU3 System Application Generated {0CCE9222-69AE-11D9-BED3-505054503030} No Auditing 0
27 DESKTOP-M3CMQU3 System Certification Services {0CCE9221-69AE-11D9-BED3-505054503030} No Auditing 0
28 DESKTOP-M3CMQU3 System SAM {0CCE9220-69AE-11D9-BED3-505054503030} No Auditing 0
29 DESKTOP-M3CMQU3 System Kernel Object {0CCE921F-69AE-11D9-BED3-505054503030} No Auditing 0
30 DESKTOP-M3CMQU3 System Registry {0CCE921E-69AE-11D9-BED3-505054503030} No Auditing 0
31 DESKTOP-M3CMQU3 System File System {0CCE921D-69AE-11D9-BED3-505054503030} No Auditing 0
32 DESKTOP-M3CMQU3 System Other Privilege Use Events {0CCE922A-69AE-11D9-BED3-505054503030} No Auditing 0
33 DESKTOP-M3CMQU3 System Non Sensitive Privilege Use {0CCE9229-69AE-11D9-BED3-505054503030} No Auditing 0
34 DESKTOP-M3CMQU3 System Sensitive Privilege Use {0CCE9228-69AE-11D9-BED3-505054503030} No Auditing 0
35 DESKTOP-M3CMQU3 System RPC Events {0CCE922E-69AE-11D9-BED3-505054503030} No Auditing 0
36 DESKTOP-M3CMQU3 System Token Right Adjusted Events {0CCE924A-69AE-11D9-BED3-505054503030} No Auditing 0
37 DESKTOP-M3CMQU3 System Process Creation {0CCE922B-69AE-11D9-BED3-505054503030} No Auditing 0
38 DESKTOP-M3CMQU3 System Process Termination {0CCE922C-69AE-11D9-BED3-505054503030} No Auditing 0
39 DESKTOP-M3CMQU3 System Plug and Play Events {0CCE9248-69AE-11D9-BED3-505054503030} No Auditing 0
40 DESKTOP-M3CMQU3 System DPAPI Activity {0CCE922D-69AE-11D9-BED3-505054503030} No Auditing 0
41 DESKTOP-M3CMQU3 System Other Policy Change Events {0CCE9234-69AE-11D9-BED3-505054503030} No Auditing 0
42 DESKTOP-M3CMQU3 System Authentication Policy Change {0CCE9230-69AE-11D9-BED3-505054503030} Success 1
43 DESKTOP-M3CMQU3 System Audit Policy Change {0CCE922F-69AE-11D9-BED3-505054503030} Success 1
44 DESKTOP-M3CMQU3 System Filtering Platform Policy Change {0CCE9233-69AE-11D9-BED3-505054503030} No Auditing 0
45 DESKTOP-M3CMQU3 System Authorization Policy Change {0CCE9231-69AE-11D9-BED3-505054503030} No Auditing 0
46 DESKTOP-M3CMQU3 System MPSSVC Rule-Level Policy Change {0CCE9232-69AE-11D9-BED3-505054503030} No Auditing 0
47 DESKTOP-M3CMQU3 System Other Account Management Events {0CCE923A-69AE-11D9-BED3-505054503030} No Auditing 0
48 DESKTOP-M3CMQU3 System Application Group Management {0CCE9239-69AE-11D9-BED3-505054503030} No Auditing 0
49 DESKTOP-M3CMQU3 System Distribution Group Management {0CCE9238-69AE-11D9-BED3-505054503030} No Auditing 0
50 DESKTOP-M3CMQU3 System Security Group Management {0CCE9237-69AE-11D9-BED3-505054503030} Success 1
51 DESKTOP-M3CMQU3 System Computer Account Management {0CCE9236-69AE-11D9-BED3-505054503030} No Auditing 0
52 DESKTOP-M3CMQU3 System User Account Management {0CCE9235-69AE-11D9-BED3-505054503030} Success 1
53 DESKTOP-M3CMQU3 System Directory Service Replication {0CCE923D-69AE-11D9-BED3-505054503030} No Auditing 0
54 DESKTOP-M3CMQU3 System Directory Service Access {0CCE923B-69AE-11D9-BED3-505054503030} No Auditing 0
55 DESKTOP-M3CMQU3 System Detailed Directory Service Replication {0CCE923E-69AE-11D9-BED3-505054503030} No Auditing 0
56 DESKTOP-M3CMQU3 System Directory Service Changes {0CCE923C-69AE-11D9-BED3-505054503030} No Auditing 0
57 DESKTOP-M3CMQU3 System Other Account Logon Events {0CCE9241-69AE-11D9-BED3-505054503030} No Auditing 0
58 DESKTOP-M3CMQU3 System Kerberos Service Ticket Operations {0CCE9240-69AE-11D9-BED3-505054503030} No Auditing 0
59 DESKTOP-M3CMQU3 System Credential Validation {0CCE923F-69AE-11D9-BED3-505054503030} No Auditing 0
60 DESKTOP-M3CMQU3 System Kerberos Authentication Service {0CCE9242-69AE-11D9-BED3-505054503030} No Auditing 0
61 DESKTOP-M3CMQU3 Option:CrashOnAuditFail Disabled 0
62 DESKTOP-M3CMQU3 Option:FullPrivilegeAuditing Disabled 0
63 DESKTOP-M3CMQU3 Option:AuditBaseObjects Disabled 0
64 DESKTOP-M3CMQU3 Option:AuditBaseDirectories Disabled 0

BIN
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf Normal file
View File

Binary file not shown.

BIN
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/DomainSysvol/GPO/Machine/registry.pol Normal file
View File

Binary file not shown.

BIN
GroupPolicy/{33C2D9E4-D084-4EE4-99D0-BC6DF203B32D}/DomainSysvol/GPO/User/registry.pol Normal file
View File

Binary file not shown.