Announcement

Collapse
No announcement yet.

Modify DNS logging settings via GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Modify DNS logging settings via GPO

    I've been asked to write a domain-wide GPO to do the following:

    * Create a folder called "C:\DNSLogs".
    * Share the folder "C:\DNSLogs" as "DNSLogs".
    * Modify the DNS server Debug logging so that the log file path points to "C:\dnslogs\DNSLogs.log".
    * Restart DNS for the changes to take effect.

    From what I can see, the easiest method to do this is to create a GPO which runs a PowerShell script on each domain controller to do the above. Is this the only solution?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    The first two should be possible using Group Policy Preferences, but I think PowerShell for the last two:
    https://technet.microsoft.com/en-us/...verdiagnostics
    https://technet.microsoft.com/en-us/.../ee176942.aspx
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      I think I worked it out with your help, on how to use just the GPOs GPPs. This is what I think will work:

      * Create a folder called "C:\DNSLogs".

      Click image for larger version

Name:	CreateFolder.png
Views:	1
Size:	74.9 KB
ID:	513139

      * Share the folder "C:\DNSLogs" as "DNSLogs".

      Click image for larger version

Name:	ShareFolder.png
Views:	1
Size:	79.1 KB
ID:	513140
      * Modify the DNS server Debug logging so that the log file path points to "C:\dnslogs\DNSLogs.log".

      Click image for larger version

Name:	ModifyDNSLogging.png
Views:	1
Size:	148.4 KB
ID:	513141
      * Restart DNS for the changes to take effect.

      Click image for larger version

Name:	RestartDNSService.png
Views:	1
Size:	41.6 KB
ID:	513138
      What do you think?

      The only issue I have is that the GPP will restart the DNS service on the domain controllers every 5 minutes and this seems superfluous.















      |
      +-- JDMils
      |
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
      |

      Comment


      • #4
        Looks like restarting the DNS service on all domain controllers every 5 minutes is killing DNS across the domain. Is there a way to only restart the DNS service when the DNS folder is created earlier in the GPO? It seems that each GPP preference is a separate entity and thus you cannot link them in this way?
        |
        +-- JDMils
        |
        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
        |

        Comment


        • #5
          It is all a "one off" so why don't you move the last two steps into a startup script?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Yep, you're right- I'll move them into a PowerShell script! Thanks.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |

            Comment

            Working...
            X