Andreas/noid-privacy
1
0
Fork 0
mirror of https://github.com/NexusOne23/noid-privacy.git synced 2026-02-07 12:11:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
noid-privacy/Modules/SecurityBaseline/Private/Backup-AuditPolicies.ps1

66 lines
2 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Backup current audit policies
.DESCRIPTION
Uses auditpol.exe to export current audit policy configuration.
Backs up all Advanced Audit Policy settings.
.PARAMETER BackupPath
Path where backup CSV will be saved
.OUTPUTS
PSCustomObject with backup status
.NOTES
Uses auditpol.exe /backup command
#>
function Backup-AuditPolicies {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true)]
[string]$BackupPath
)
$result = [PSCustomObject]@{
Success = $false
BackupPath = $BackupPath
Errors = @()
}
try {
Write-Log -Level DEBUG -Message "Backing up audit policies via auditpol.exe..." -Module "SecurityBaseline"
# Export current audit settings
$auditpolArgs = @(
"/backup",
"/file:`"$BackupPath`""
)
$process = Start-Process -FilePath "auditpol.exe" `
-ArgumentList $auditpolArgs `
-Wait `
-NoNewWindow `
-PassThru `
-RedirectStandardOutput (Join-Path $env:TEMP "auditpol_backup_stdout.txt") `
-RedirectStandardError (Join-Path $env:TEMP "auditpol_backup_stderr.txt")
if ($process.ExitCode -eq 0) {
$result.Success = $true
Write-Log -Level DEBUG -Message "Audit policies backup saved to: $BackupPath" -Module "SecurityBaseline"
}
else {
$stderr = Get-Content (Join-Path $env:TEMP "auditpol_backup_stderr.txt") -Raw -ErrorAction SilentlyContinue
$result.Errors += "auditpol backup failed with exit code $($process.ExitCode): $stderr"
Write-Error "auditpol backup failed: $stderr"
}
}
catch {
$result.Errors += "Audit policies backup failed: $_"
Write-Error "Audit policies backup failed: $_"
}
return $result
}
Reference in a new issue View git blame Copy permalink