Configure the log size

We recommend setting the maximum log size of PowerShell logs to 150MB. To do this, follow the steps outlined below.

  • Log in to any computer that has the GPMC with domain admin credentials.
  • Open the GPMC and, based on your setup, edit the:
    • Default Domain Controllers Policy to enable module logging on a DC.
    • ADAuditPlusMSPolicy to enable module logging on a Windows server.
  • In the Group Policy Management Editor, go to Computer Configuration > Preferences > Windows Settings, and right-click Registry > New > Registry Item.
  • In Action field of the New Registry Properties wizard, select Update from the drop-down. In the Hive field, select HKEY_LOCAL_MACHINE from the drop-down. In the Key Path field,
    enter:SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerShell\Operational. In the Value name field, uncheck the box beside Default, and type in MaxSize. In the Value type field, select REG_DWORD from the drop-down. In the Value data field, type in 153616384. In the Base field, select Decimal, and then click Apply.
Configure audit policies in your domain in ADAudit Plus

我们的客户