•  
  • Feature-specific Configuration
  • Windows PowerShell
  • Configure event log settings
Click here to shrink
Click here to expand Click here to expand

Configure the log size

We recommend setting the maximum log size of PowerShell logs to 150MB. To do this, follow the steps outlined below.

  1. Log in to any computer that has the GPMC with domain admin credentials.
  2. Open the GPMC and, based on your setup, edit the:
    • Default Domain Controllers Policy to enable module logging on a DC.
    • ADAuditPlusMSPolicy to enable module logging on a Windows server.
  3. In the Group Policy Management Editor, go to Computer Configuration > Preferences > Windows Settings, and right-click Registry > New > Registry Item.
  4. In Action field of the New Registry Properties wizard, select Update from the drop-down. In the Hive field, select HKEY_LOCAL_MACHINE from the drop-down. In the Key Path field, enter:SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerShell\Operational. In the Value name field, uncheck the box beside Default, and type in MaxSize. In the Value type field, select REG_DWORD from the drop-down. In the Value data field, type in 153616384. In the Base field, select Decimal, and then click Apply.

Configure audit policies in your domain in ADAudit Plus

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try OnboardPro

     

Copyright © 2025, ZOHO Corp. All Rights Reserved.

Get download link