Advanced Microsoft Logging (GPO Template)

Logmira – Advanced Microsoft Logging GPO Template

Click here to view the most updated version of this documentation.

Once certain group policy settings have been configured, Blumira can ingest advanced Microsoft Commandline and PowerShell module logging.

You can also use Logmira to easily import the pre-built settings. Logmira has been created as a helpful download of Microsoft Windows Domain Group Policy Object (GPO) settings.

This GPO backup includes our recommended Windows logging settings for all supported versions of MS Windows Server. As opposed to following a list and manually modifying 100 or so settings, it’s way easier to just import it from a backup.

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

Advanced Microsoft logging with Logmira GPO template

Overview

After configuring certain group policy settings, Blumira can ingest advanced Microsoft Commandline and PowerShell module logging.

You can use Logmira to easily import the pre-built settings. Logmira has been created as a helpful download of Microsoft Windows Domain Group Policy Object (GPO) settings.

This GPO backup includes our recommended Windows logging settings for all supported versions of Microsoft Windows Server. Importing it from backup is much easier than following a list and manually modifying 100+ settings.

Visit GitHub to download the files and get more information.

Logmira GPO Policy Import

Download the GPO backup from here: https://github.com/Blumira/Logmira/raw/master/GPO%20Files/Logmira.zip
Extract the contents of the zip file. It will be a single folder with a large hexidecimal string as the folder name.
Copy the extracted folder to your DC.
Log in to the DC and open Group Policy Management.
Expand the Forest node > Domains node > your domain node.
Right click on the group policy objects folder under your domain and choose New.
In the New GPO window, type in a name, such as Logmira-RV.
In the Source Starter GPO field, keep the default (none) setting.
Click OK.
In the right pane of the window, left click on the new Logmira-RV entry and click Import Settings.
In the Import Settings Wizard window:
1. Click Next to continue.
2. In Backup GPO, ignore the Backup button, and click Next.
3. In Backup location, click Browse to choose the parent folder where you extracted the zip file’s contents and click OK.
  Example: If you extracted the folder to Desktop, choose Desktop in the folder browser. Do not select the extracted folder.
4. In Source GPO, select Logging – RV and click Next.
5. After scanning backup, click Next.
6. Click Finish.
Now that the policy is imported you need to link the policy to your domain:
1. In Group Policy Management, right click on your domain and click Link an existing GPO.
  Alternatively, you can choose each OU that contains machines from which you want to forward logs to Blumira and link the GPO to those OUs instead of to the top-level domain.
2. In Select GPO, select Logmira-RV and click OK.

Additional Resources

Exporting a GPO

(What we have done to create GPOLoggingImport.zip, and what should be done for GPO Backups.)

To begin the export process, open up the group policy management console, navigate to the proper domain, expand group policy objects and select the group policy object that you’d like to export.
Right-click and select Back Up from the menu.
Select the location the backup will be exported to and the description.
Click Back Up.
Click OK.