winlogbeat
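  1. Invoke-WebRequest https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-7.10.0-windows-x86_64.zip -out wlb.zip
     Note: before expanding the archive, compare the output of Get-FileHash .\wlb.zip -Algorithm SHA512 with the .sha512 file Elastic publishes next to the download.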
  2. expand-archive .\wlb.zip
  3. New-Item -Path "c:\windows\temp" -Name "winlogbeat" -ItemType "directory"
  4. Copy-item .\wlb\winlogbeat-7.10.0-windows-x86_64\* c:\windows\temp\winlogbeat
  5. c:\windows\temp\winlogbeat\install-service-winlogbeat.ps1
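  6. $rights="D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  7. sc.exe sdset winlogbeat $rights
     Note: this descriptor gives Interactive Users (IU) the same ACE as Builtin Administrators (BA), including the change-config (DC), write-DAC (WD) and write-owner (WO) rights on the service; a stock service DACL grants IU only CCLCSWLOCRRC. The SACL entry (AU;FA;...;WD) audits failed access only, so successful changes made through the IU ACE are not recorded by it. Running sc.exe sdshow winlogbeat prints the descriptor currently applied, which is the quickest way to audit a host for this setting.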