Public/Import-EventViewerCustomViews.ps1
|
<#
.SYNOPSIS Imports Event Viewer Custom Views to devices. .DESCRIPTION Deploys Event Viewer Custom Views XML files for security monitoring. .EXAMPLE Import-EventViewerCustomViews #> function Import-EventViewerCustomViews { [CmdletBinding()] param( [switch]$DryRun ) $ErrorActionPreference = "Stop" $workspacePath = Get-WorkspacePath if (-not $workspacePath) { Write-Error "Workspace not configured. Run Initialize-NLBaseline first." return } Write-Host "`nImporting Event Viewer Custom Views`n" -ForegroundColor Cyan $modulePath = $PSScriptRoot -replace 'Public$', '' $viewsPath = Join-Path -Path $modulePath -ChildPath "Resources\EventViewerCustomViews" if (-not (Test-Path $viewsPath)) { Write-Error "Event Viewer Custom Views not found: $viewsPath" return } $xmlFiles = Get-ChildItem -Path $viewsPath -Filter "*.xml" if ($xmlFiles.Count -eq 0) { Write-Warning "No XML files found in $viewsPath" return } Write-Host "Found $($xmlFiles.Count) Event Viewer Custom View files:" -ForegroundColor Green foreach ($file in $xmlFiles) { Write-Host " - $($file.Name)" -ForegroundColor White } if ($DryRun) { Write-Host "`n[DryRun] Would deploy $($xmlFiles.Count) Event Viewer Custom Views via Intune Script" -ForegroundColor Cyan Write-Host "Note: Event Viewer Custom Views are deployed via PowerShell scripts to devices" -ForegroundColor Gray return } Write-Host "`nNote: Event Viewer Custom Views must be deployed via Intune Scripts or Group Policy" -ForegroundColor Yellow Write-Host "XML files location: $viewsPath" -ForegroundColor Cyan Write-Host "`nTo deploy:" -ForegroundColor Yellow Write-Host "1. Create Intune Scripts for each XML file" -ForegroundColor White Write-Host "2. Use PowerShell to import XML: `$xml = Get-Content 'path\to\file.xml' -Raw; `$xml | Out-File 'C:\ProgramData\Microsoft\Event Viewer\Views\filename.xml'" -ForegroundColor White Write-Host "3. Or use Group Policy: Computer Configuration > Preferences > Files" -ForegroundColor White } |