DOC-123079 - WiNC Parser Overrides for Print AppLocker PowerShell
- Pavan Raja

- Apr 8, 2025
Summary:
The document outlines modifications called "WiNC Parser Overrides" intended for use with components such as Windows Print (307 events), AppLocker (MSI/DLL/EXE command execution), and PowerShell (cmdlet execution). It provides step-by-step guidance on how to implement these overrides, including creating a registry key to enable print auditing on target print servers and setting up Group Policy for PowerShell logging. The document also alerts users to recent changes in connector version 7.2.1+ that require adjustments to parser configurations; these are detailed in the attached zip file.
Additionally, this content refers to two files: "microsoft_windows_security_auditing.sdkkeyvaluefilereader.properties" (450 bytes) and "winc_samples.zip" (8.3 KB, equivalent to 8499 bytes). The document has undergone a final marking and includes suggestions for categorization of metadata. It appears to be either documentation or internal metadata management for Microsoft products like Windows, providing information about specific files and their properties related to security auditing in the mentioned environments.
Details:
The article discusses the "WiNC Parser Overrides," which are modifications for various components including Windows Print (307 events), AppLocker (MSI/DLL/EXE command execution), and PowerShell (cmdlet execution). It provides specific instructions on how to implement these overrides, such as enabling print auditing by creating a registry key on the target print servers and configuring Group Policy for PowerShell logging. The article also mentions that recent changes in connector version 7.2.1+ require adjustments to parser configurations, which are detailed in the attached zip file.
This content appears to be a summary of file information and related metadata from a platform or system (likely Microsoft Windows), including details about two files named "microsoft_windows_security_auditing.sdkkeyvaluefilereader.properties" and "winc_samples.zip". The files are described as having sizes of 450 bytes for the former and 8.3 KB for the latter, which is approximately 8.3 * 1024 = 8499 bytes.
The content also mentions a total view count of 195 views without specifying whether these are unique or cumulative views. Additionally, there is a note about adding categorization to this metadata, and the document has been marked as final. The document is associated with keywords such as "overrides", "applocker", and "print", indicating that it might be relevant to areas of security (specifically AppLocker) and system logs or events related to printing in Windows environments.
The context suggests this could be part of documentation, support material, or internal metadata management for Microsoft products like Windows, where users can access detailed information about specific files and their properties, as well as categorize them based on relevance or function within the system.
