
Detect changes to the registry & notify via cmd line


  • confuseis
    Participant
    #607133

    Hi

I’m looking for a command line method to detect a change to the registry and, if detected, notify the user.

I’m looking for the script to do this by itself without needing to manually set audit policies using the Windows GUI.

The idea I’ve come up with is to watch for event ID 4657 to occur in the registry.

After researching online I am using:

auditpol /set /subcategory:"Registry" /success:enable   # Set the audit policy to ON (success) for the Object Access > Registry subcategory

     

Get-WinEvent -ComputerName $env:COMPUTERNAME -FilterHashtable @{LogName='Security'; Id=4657}  # Display event 4657 (A registry value was modified) from the Security log

     

I’ve noticed that no event 4657 has been generated when I manually filter the registry security logs after a few days.

Is there a way using PowerShell to force this to on? Or is there an easy way to detect if any registry key has been changed?

I’ve looked at exporting the registry to a file, repeating that later, and then comparing the two files, but I’m looking for an alternative.

    Thanks
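The following is an added example written for this page; it is not code from the original post. It covers the two approaches the post raises. The usual reason the audit policy alone produces no 4657 events is that the Registry subcategory only says auditing is allowed; Windows still needs a SACL (an audit ACE) on the specific key before it logs anything. The functions below turn the subcategory on with auditpol, place an audit rule on a key, read back 4657 events with their parsed fields, and, as the audit-free alternative, take a snapshot of a key tree and diff it. It assumes an elevated PowerShell session (setting a SACL needs SeSecurityPrivilege), and the key path HKLM:\SOFTWARE\AuditDemo is a hypothetical target chosen for illustration.

```powershell
# Added example, not from the original post. Requires an elevated session.
# HKLM:\SOFTWARE\AuditDemo is a hypothetical key used only for illustration.

# 1. Enable the Object Access > Registry audit subcategory (success events).
function Enable-RegistryAuditPolicy {
    auditpol /set /subcategory:"Registry" /success:enable | Out-Null
    auditpol /get /subcategory:"Registry"   # confirm what is actually in effect
}

# 2. The policy alone logs nothing; the key itself needs an audit ACE (SACL).
#    This audits successful value writes, subkey creation and deletion by anyone,
#    and lets subkeys inherit the rule.
function Add-RegistryAuditRule {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -Path $Path -Audit
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        'Everyone',
        [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete',
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# 3. Read 4657 (A registry value was modified) and flatten the EventData fields
#    into an object you can filter, format or hand to a notification step.
function Get-RegistryValueChanges {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    $filter = @{ LogName = 'Security'; Id = 4657; StartTime = $Since }
    # -ErrorAction SilentlyContinue: Get-WinEvent errors when no events match.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Process = $d.ProcessName
            Key     = $d.ObjectName
            Value   = $d.ObjectValueName
            Old     = $d.OldValue
            New     = $d.NewValue
        }
    }
}

# 4. Alternative without auditing: snapshot every value under a key tree into a
#    hashtable ("keypath\valuename" -> data as text) and diff two snapshots.
function Get-RegistrySnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $snap = @{}
    $keys = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $snap["$($key.Name)\$name"] = ($data | Out-String).Trim()
        }
    }
    $snap
}

function Compare-RegistrySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($k in (@($Before.Keys) + @($After.Keys) | Sort-Object -Unique)) {
        if (-not $Before.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added';    Value = $k; Data = $After[$k] }
        } elseif (-not $After.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed';  Value = $k; Data = $Before[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Value = $k; Data = "$($Before[$k]) -> $($After[$k])" }
        }
    }
}

# Usage (hypothetical key):
# Enable-RegistryAuditPolicy
# Add-RegistryAuditRule -Path 'HKLM:\SOFTWARE\AuditDemo'
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\AuditDemo' -Name Probe -Value 1   # should now log 4657
# Get-RegistryValueChanges -Since (Get-Date).AddMinutes(-5) | Format-Table -AutoSize
#
# $before = Get-RegistrySnapshot -Path 'HKLM:\SOFTWARE\AuditDemo'
# ...make a change...
# Compare-RegistrySnapshot -Before $before -After (Get-RegistrySnapshot -Path 'HKLM:\SOFTWARE\AuditDemo')
```

Two caveats when running this on a domain-joined machine: a setting made with auditpol is overwritten the next time Group Policy applies if a GPO defines the Object Access audit categories, so a script-only approach needs the policy to match what the GPO pushes; and a broad SACL (Everyone, ContainerInherit) on a busy hive generates a large volume of 4657 and 4663 events, so scope the audit rule to the keys you actually care about. The snapshot functions need no special privilege and work on any hive you can read, at the cost of only seeing the net result between two samples rather than who changed what.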

