TestimoX

API Reference

Command

Get-CxAuditPolicy

Namespace ComputerX.PowerShell
Inputs
System.String[]
Outputs
ComputerX.Audit.AuditSubcategorySetting

Gets advanced Audit Policy settings from a local or remote Windows host.

Examples

Authored help example

Example 1


Get-CxAuditPolicy -Source Native

Example 2


Get-CxAuditPolicy -ComputerName SRV1 -Source LocalPolicyCsv

Example 3


Get-CxAuditPolicy -ComputerName SRV1 -Source Registry -Category 'Logon*' -Name 'Process*' -Verbose

Example 4


Get-CxAuditPolicy -ComputerName AD1.ad.evotec.xyz -Source Native -IncludeTransportDiagnostics

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-CxAuditPolicy [-ComputerName <string[]>] [-Source <Native|LocalPolicyCsv|Registry>] [-Authentication <Default>] [-Category <string[]>] [-ConfigurationName <string>] [-Credential <PSCredential>] [-IdleTimeoutSeconds <int>] [-IncludePortInSpn] [-IncludeTransportDiagnostics] [-Name <string[]>] [-NoMachineProfile] [-OpenTimeoutSeconds <int>] [-OperationTimeoutSeconds <int>] [-Port <int>] [-UseSsl] [<CommonParameters>]
#

Parameters

ComputerName string[] optionalposition: 0pipeline: true (ByPropertyName)
Target host(s). If omitted, queries the local machine.
Source AuditPolicySource optionalposition: 1pipeline: falsevalues: 3
Data source: Native (advapi32), LocalPolicyCsv (Audit.csv), or Registry (PolAdtEv). Possible values: Native, LocalPolicyCsv, Registry
Possible values: Native, LocalPolicyCsv, Registry
Authentication AuthenticationMechanism optionalposition: namedpipeline: falsevalues: 7
Optional authentication mechanism for remote native audit collection. Possible values: Default, Basic, Negotiate, NegotiateWithImplicitCredential, Credssp, Digest, Kerberos
Possible values: Default, Basic, Negotiate, NegotiateWithImplicitCredential, Credssp, Digest, Kerberos
Category string[] optionalposition: namedpipeline: false
Wildcard filter for audit policy categories (e.g., 'Logon*').
ConfigurationName string optionalposition: namedpipeline: false
Optional PowerShell endpoint configuration name for remote native audit collection.
Credential PSCredential optionalposition: namedpipeline: false
Optional alternate credential for remote native audit collection.
IdleTimeoutSeconds int optionalposition: namedpipeline: false
Optional remote session idle timeout in seconds for remote native audit collection.
IncludePortInSpn SwitchParameter optionalposition: namedpipeline: false
Includes the port in the WinRM service principal name.
IncludeTransportDiagnostics SwitchParameter optionalposition: namedpipeline: false
Includes shared WinRM transport diagnostics on returned remote native audit settings.
Name string[] optionalposition: namedpipeline: false
Wildcard filter for subcategory names (e.g., 'Process*').
NoMachineProfile SwitchParameter optionalposition: namedpipeline: false
Requests a WinRM session without loading the remote machine profile.
OpenTimeoutSeconds int optionalposition: namedpipeline: false
Optional remote session open timeout in seconds for remote native audit collection.
OperationTimeoutSeconds int optionalposition: namedpipeline: false
Optional remote operation timeout in seconds for remote native audit collection.
Port int optionalposition: namedpipeline: false
Optional WinRM port override for remote native audit collection.
UseSsl SwitchParameter optionalposition: namedpipeline: false
Uses HTTPS when invoking remote native audit collection.

Outputs

ComputerX.Audit.AuditSubcategorySetting