RE: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

2017-11-29 Thread Brian Illner
Was able to figure this out. Used a simple one-line PS script to check to see 
if that log was enabled:

Get-WinEvent -ListLog 'Microsoft-IIS-Configuration/Operational' | Select-Object -ExpandProperty "IsEnabled"

If it returns false, then remediation runs that script from the other site to 
enable the log and set the max file size.

The baseline is deployed to a collection that’s populated by a query that 
checks to see if the W3SVC service is running.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

Visit canalinsurance.com for news and information.

WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of DonPick
Sent: Wednesday, November 29, 2017 3:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

Does this help?

PS C:\Windows\system32> .\wevtutil gl Microsoft-IIS-Configuration/Operational
Failed to read configuration for log Microsoft-IIS-Configuration/Operational. 
The specified channel could not be found.
Check channel configuration.
PS C:\Windows\system32>
PS C:\Windows\system32> $lastexitcode
15007
PS C:\Windows\system32>

Best Regards DonPick

From: Brian Illner <brian.ill...@canal-ins.com>
Sent: Thursday, 30 November 2017 6:38 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

We need to enable the IIS Configuration Operational logs on all our webservers 
and are looking for a way to automate this.

Has anyone done anything similar using ConfigMgr’s compliance baselines?

I have a script from here to actually enable the log, but I still need a method 
to detect if it is already enabled or not.

https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/


BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com for news and information.
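
Added example, not part of the thread or of the linked blog script: a discovery/remediation pair for the check described in the message above, which also reports the missing-channel case shown in the wevtutil output instead of failing. The state strings, the -Remediate switch and the 10 MB size are assumptions; only the channel name comes from the thread.

```powershell
# Added example (not from the thread). Run without arguments as the
# discovery script; run with -Remediate as the remediation script.
param([switch]$Remediate)

$LogName = 'Microsoft-IIS-Configuration/Operational'   # channel named in the thread

function Get-ChannelState {
    param([string]$Name)
    try {
        # -ErrorAction Stop turns "log not found" into a catchable error,
        # so a host without the channel yields a distinct state.
        $log = Get-WinEvent -ListLog $Name -ErrorAction Stop
    } catch {
        return 'ChannelMissing'
    }
    if ($log.IsEnabled) { 'Enabled' } else { 'Disabled' }
}

function Enable-Channel {
    param(
        [string]$Name,
        [long]$MaxSizeBytes = 10MB   # assumed size; the thread gives no value
    )
    $cfg = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $Name
    try {
        $cfg.MaximumSizeInBytes = $MaxSizeBytes
        $cfg.IsEnabled = $true
        $cfg.SaveChanges()           # persists the channel configuration
    } finally {
        $cfg.Dispose()
    }
}

$state = Get-ChannelState -Name $LogName

# Only touch a channel that exists and is off; a missing channel is
# reported, not created.
if ($Remediate -and $state -eq 'Disabled') {
    Enable-Channel -Name $LogName
    $state = Get-ChannelState -Name $LogName
}

# The single string written here is what the compliance rule compares
# against 'Enabled'.
$state
```

A 'ChannelMissing' result on a machine in the W3SVC collection means the audit log cannot be collected there at all, which is worth reviewing separately from a plain 'Disabled'.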






RE: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

2017-11-29 Thread DonPick
Does this help?

PS C:\Windows\system32> .\wevtutil gl Microsoft-IIS-Configuration/Operational
Failed to read configuration for log Microsoft-IIS-Configuration/Operational. 
The specified channel could not be found.
Check channel configuration.
PS C:\Windows\system32>
PS C:\Windows\system32> $lastexitcode
15007
PS C:\Windows\system32>

Best Regards DonPick

From: Brian Illner
Sent: Thursday, 30 November 2017 6:38 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

We need to enable the IIS Configuration Operational logs on all our webservers 
and are looking for a way to automate this.

Has anyone done anything similar using ConfigMgr’s compliance baselines?

I have a script from here to actually enable the log, but I still need a method 
to detect if it is already enabled or not.

https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/


BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com for news and information.