added in gpedit auto update for removable storage audit

2024-09-23 09:25:44 +00:00 · 2024-09-23 09:25:44 +00:00 · a23fb30c74
commit a23fb30c74
parent 55a394d564
1 changed files with 11 additions and 0 deletions
--- a/Install-PromtailOnWindows.ps1
+++ b/Install-PromtailOnWindows.ps1
@ -335,6 +335,17 @@ $logDetails.Enabled = $True
 Set-LogProperties -LogDetails $logDetails
 Get-LogProperties 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'

+## The below line will update the group Policy to enable the removeable storage audit, if GP edit exists
+
+if (Test-Path 'C:\Windows\System32\gpedit.msc') {
+    Write-Host 'Enabling Group Policy - Audit removeable storage.'
+    auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable    
+}
+else{
+    Write-Host 'c:\Windows\System32\gpedit.msc does NOT exist, Exiting on safety grounds'
+    exit
+}
+
 $downloadUrl = "https://github.com/grafana/loki/releases/download/v2.9.5/promtail-windows-amd64.exe.zip"
 $downloadWinSWUrl = "https://github.com/winsw/winsw/releases/download/v2.12.0/WinSW-x64.exe"
 $winSWFilename = "WinSW-x64.exe"