in cortado/rtas/_common.py [0:0]
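def enable_logon_audit(host: str = "localhost", verbose: bool = True, sleep_secs: int = 2) -> bool:
    """Enable logon auditing on a local or remote system so 4624 and 4625 events are logged.

    Builds an ``auditpol.exe /set /subcategory:Logon`` command and starts it on
    ``host`` through PowerShell's ``Invoke-WmiMethod`` (``Win32_process`` / ``create``).

    Args:
        host: Target computer name or address. Only ASCII letters, digits and
            ``.``, ``_``, ``-``, ``:`` are accepted, and the value may not be
            empty or start with ``-``; anything else is rejected.
        verbose: When true, log an info line before running the command.
        sleep_secs: Seconds to wait after a successful launch so the audit
            policy change has time to take effect.

    Returns:
        ``True`` when the PowerShell invocation exits with code 0, ``False``
        when the host value is rejected or the invocation fails.
    """
    # `host` is spliced unquoted into a `powershell -c` command string, so a
    # value containing spaces, quotes, `;`, `|`, `$` or a leading `-` would be
    # parsed as PowerShell syntax rather than as a computer name. Restrict it
    # to hostname / IP-address characters before building the command.
    allowed_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-:"
    if not host or host.startswith("-") or any(ch not in allowed_chars for ch in host):
        log.error(f"Refusing to enable logon audit: invalid host value {host!r}")
        return False

    if verbose:
        log.info(f"Ensuring audit logging is enabled on {host}")

    auditpol_cmd = "auditpol.exe /set /subcategory:Logon /failure:enable /success:enable"
    enable_logging_cmd = (
        f"Invoke-WmiMethod -ComputerName {host} -Class Win32_process -Name create -ArgumentList '{auditpol_cmd}'"
    )
    command = ["powershell", "-c", enable_logging_cmd]

    # NOTE(review): retcode is the status of the PowerShell invocation only.
    # Win32_Process.Create reports its own outcome in a ReturnValue field and
    # does not wait for auditpol.exe, so a zero exit code presumably does not
    # prove the policy was applied. Confirm with
    # `auditpol /get /subcategory:Logon` where that matters.
    retcode, _, stderr = execute_command(command)
    if retcode != 0:
        error = stderr or ""
        log.error(f"Error while enabling logon audit: `{error}`")
        return False

    # Additional time to allow auditing to process; skipped on failure because
    # there is no policy change to wait for.
    time.sleep(sleep_secs)
    return True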