From 06ab4a71f04cb04d2cd5816fcc2465e81acef236 Mon Sep 17 00:00:00 2001
From: Liam Glanfield <liam@glanfield.co.uk>
Date: Wed, 5 Oct 2016 13:27:49 +0100
Subject: [PATCH] added missing csv files as they got excluded due to git
 ignore

---
 .gitignore                                    |  1 -
 .../microsoft/windows nt/Audit/audit.csv      | 53 +++++++++++++++++++
 .../microsoft/windows nt/Audit/audit.csv      | 21 ++++++++
 .../microsoft/windows nt/Audit/audit.csv      | 53 +++++++++++++++++++
 .../microsoft/windows nt/Audit/audit.csv      | 21 ++++++++
 5 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 Config Files/Group Policy/{732165DF-AA90-4000-832D-D9E18B165C7A}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
 create mode 100644 Config Files/Group Policy/{C043F3D2-4E56-4C5D-89B7-D4A188D17906}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
 create mode 100644 Config Files/Group Policy/{E91C2BBC-367E-43D0-81A2-EF4B48A1E036}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
 create mode 100644 Config Files/Group Policy/{ED2BFC80-36BE-41C5-B72F-CE3232B291A1}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv

diff --git a/.gitignore b/.gitignore
index 372293c..897a5db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,7 +47,6 @@ Governance Scripts/
 Network Trash Folder
 Temporary Items
 .apdisk
-*.csv
 Functions/New-RBACRole.ps1
 Scripts/99-PromoteOtherDCs.ps1
 Config Files/DefaultGroups.xml
diff --git a/Config Files/Group Policy/{732165DF-AA90-4000-832D-D9E18B165C7A}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv b/Config Files/Group Policy/{732165DF-AA90-4000-832D-D9E18B165C7A}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
new file mode 100644
index 0000000..b4a21de
--- /dev/null
+++ b/Config Files/Group Policy/{732165DF-AA90-4000-832D-D9E18B165C7A}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv	
@@ -0,0 +1,53 @@
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
+,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Kerberos Authentication Service,{0cce9242-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Kerberos Service Ticket Operations,{0cce9240-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Application Group Management,{0cce9239-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Distribution Group Management,{0cce9238-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit RPC Events,{0cce922e-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Extended Mode,{0cce921a-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Main Mode,{0cce9218-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Quick Mode,{0cce9219-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Network Policy Server,{0cce9243-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Application Generated,{0cce9222-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Certification Services,{0cce9221-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Packet Drop,{0cce9225-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Handle Manipulation,{0cce9223-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Kernel Object,{0cce921f-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Object Access Events,{0cce9227-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Registry,{0cce921e-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit SAM,{0cce9220-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Central Access Policy Staging,{0cce9246-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Authorization Policy Change,{0cce9231-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Policy Change,{0cce9233-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Policy Change Events,{0cce9234-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Non Sensitive Privilege Use,{0cce9229-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Privilege Use Events,{0cce922a-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
diff --git a/Config Files/Group Policy/{C043F3D2-4E56-4C5D-89B7-D4A188D17906}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv b/Config Files/Group Policy/{C043F3D2-4E56-4C5D-89B7-D4A188D17906}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
new file mode 100644
index 0000000..80eac9f
--- /dev/null
+++ b/Config Files/Group Policy/{C043F3D2-4E56-4C5D-89B7-D4A188D17906}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv	
@@ -0,0 +1,21 @@
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
+,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
diff --git a/Config Files/Group Policy/{E91C2BBC-367E-43D0-81A2-EF4B48A1E036}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv b/Config Files/Group Policy/{E91C2BBC-367E-43D0-81A2-EF4B48A1E036}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
new file mode 100644
index 0000000..b4a21de
--- /dev/null
+++ b/Config Files/Group Policy/{E91C2BBC-367E-43D0-81A2-EF4B48A1E036}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv	
@@ -0,0 +1,53 @@
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
+,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Kerberos Authentication Service,{0cce9242-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Kerberos Service Ticket Operations,{0cce9240-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Application Group Management,{0cce9239-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Distribution Group Management,{0cce9238-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit RPC Events,{0cce922e-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Extended Mode,{0cce921a-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Main Mode,{0cce9218-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit IPsec Quick Mode,{0cce9219-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Network Policy Server,{0cce9243-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Application Generated,{0cce9222-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Certification Services,{0cce9221-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Packet Drop,{0cce9225-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Handle Manipulation,{0cce9223-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Kernel Object,{0cce921f-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Object Access Events,{0cce9227-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Registry,{0cce921e-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit SAM,{0cce9220-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Central Access Policy Staging,{0cce9246-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Authorization Policy Change,{0cce9231-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Filtering Platform Policy Change,{0cce9233-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Policy Change Events,{0cce9234-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Non Sensitive Privilege Use,{0cce9229-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Other Privilege Use Events,{0cce922a-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},No Auditing,,0
+,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
diff --git a/Config Files/Group Policy/{ED2BFC80-36BE-41C5-B72F-CE3232B291A1}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv b/Config Files/Group Policy/{ED2BFC80-36BE-41C5-B72F-CE3232B291A1}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
new file mode 100644
index 0000000..80eac9f
--- /dev/null
+++ b/Config Files/Group Policy/{ED2BFC80-36BE-41C5-B72F-CE3232B291A1}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv	
@@ -0,0 +1,21 @@
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
+,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success,,1
+,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
+,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3