Łukasz Ślemp aimarpl
silentbreaksec
/ SysmonStartup.bat
Created
March 2, 2018 23:39
Windows batch file to deploy Sysmon using a startup script via GPO
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| :: Author: Ryan Watson | |
| :: Twitter: @gentlemanwatson | |
| :: Version: 1.0 | |
| :: Credits: Credit to Syspanda.com and their Sysmon GPO article for the kick off point | |
| :: https://www.syspanda.com/index.php/2017/02/28/deploying-sysmon-through-gpo/ | |
| :: ** IMPORTANT ** | |
| :: 1) Create a Sysmon folder with the SYSVOL share on your domain controller | |
| :: 2) Download Sysmon from Microsoft and place both sysmon.exe and sysmon64.exe in |