diff --git a/GPO Files/Logmira - DCs.zip b/GPO Files/Logmira - DCs.zip
new file mode 100644
index 0000000..886caff
Binary files /dev/null and b/GPO Files/Logmira - DCs.zip differ
diff --git a/GPO Files/Logmira-DCs-Backup.xml b/GPO Files/Logmira-DCs-Backup.xml
new file mode 100644
index 0000000..ba608c0
--- /dev/null
+++ b/GPO Files/Logmira-DCs-Backup.xml	
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation.  All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
+    <GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2080119107-79042430-4151486730-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[MIRATIME]]></NetBIOSDomainName><DnsDomainName><![CDATA[miratime.org]]></DnsDomainName><UPN><![CDATA[Domain Admins@miratime.org]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2080119107-79042430-4151486730-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[MIRATIME]]></NetBIOSDomainName><DnsDomainName><![CDATA[miratime.org]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@miratime.org]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{AA3A4A06-3CAE-42CE-8744-3E47E519A430}]]></ID><Domain><![CDATA[miratime.org]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 43 19 fc 7b 7e 17 b6 04 0a a9 72 f7 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 43 19 fc 7b 7e 17 b6 04 0a a9 72 f7 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 43 19 fc 7b 7e 17 b6 04 0a a9 72 f7 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Logmira - DCs]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[131074]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]]]></MachineExtensionGuids><UserExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}]]]></UserExtensionGuids><WMIFilter/></GroupPolicyCoreSettings> 
+        <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
+            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
+            <FSObjectFile bkp:Path="%GPO_USER_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\User\registry.pol" bkp:Location="DomainSysvol\GPO\User\registry.pol"/>
+            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Adm\*.*"/>
+        </GroupPolicyExtension>
+        
+        
+        
+        
+        <GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
+            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
+        </GroupPolicyExtension>
+        
+        
+        
+        
+    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><DSObject bkp:Path="CN=PushedPrinterConnections,%GPO_MACH_DSPATH%" bkp:SourceExpandedPath="CN=PushedPrinterConnections,CN=Machine,CN={AA3A4A06-3CAE-42CE-8744-3E47E519A430},CN=Policies,CN=System,DC=miratime,DC=org" bkp:ObjectClass="container"><DSAttributeMultiString bkp:DSAttrName="showInAdvancedViewOnly"><DSValue><![CDATA[TRUE]]></DSValue></DSAttributeMultiString></DSObject><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft" bkp:Location="DomainSysvol\GPO\Machine\microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft\windows nt" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft\windows nt\Audit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit\audit.csv" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft\windows nt\Audit\audit.csv" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\microsoft\windows nt\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/><FSObjectFile bkp:Path="%GPO_USER_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\BLU-DC01.miratime.org\sysvol\miratime.org\Policies\{AA3A4A06-3CAE-42CE-8744-3E47E519A430}\User\comment.cmtx" bkp:Location="DomainSysvol\GPO\User\comment.cmtx"/></GroupPolicyExtension></GroupPolicyObject>
+</GroupPolicyBackupScheme>
diff --git a/GPO Files/Logmira-DCs-gpreport.xml b/GPO Files/Logmira-DCs-gpreport.xml
new file mode 100644
index 0000000..eb157a5
--- /dev/null
+++ b/GPO Files/Logmira-DCs-gpreport.xml	
@@ -0,0 +1,493 @@
+<?xml version="1.0" encoding="utf-16"?>
+<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
+  <Identifier>
+    <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{AA3A4A06-3CAE-42CE-8744-3E47E519A430}</Identifier>
+    <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">miratime.org</Domain>
+  </Identifier>
+  <Name>Logmira - DCs</Name>
+  <IncludeComments>true</IncludeComments>
+  <CreatedTime>2023-05-05T15:57:10</CreatedTime>
+  <ModifiedTime>2023-05-05T15:57:53</ModifiedTime>
+  <ReadTime>2023-05-05T16:03:11.5364363Z</ReadTime>
+  <SecurityDescriptor>
+    <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2080119107-79042430-4151486730-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
+    <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+      <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+    </Owner>
+    <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+      <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+    </Group>
+    <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
+    <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <InheritsFromParent>false</InheritsFromParent>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-519</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Enterprise Admins</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+    </Permissions>
+    <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
+  </SecurityDescriptor>
+  <FilterDataAvailable>true</FilterDataAvailable>
+  <Computer>
+    <VersionDirectory>2</VersionDirectory>
+    <VersionSysvol>2</VersionSysvol>
+    <Enabled>true</Enabled>
+    <ExtensionData>
+      <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
+        <q1:SecurityOptions>
+          <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy</q1:KeyName>
+          <q1:SettingNumber>1</q1:SettingNumber>
+          <q1:Display>
+            <q1:Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</q1:Name>
+            <q1:Units />
+            <q1:DisplayBoolean>true</q1:DisplayBoolean>
+          </q1:Display>
+        </q1:SecurityOptions>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>Application</q1:Log>
+          <q1:SettingNumber>16384</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>System</q1:Log>
+          <q1:SettingNumber>16384</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>Security</q1:Log>
+          <q1:SettingNumber>2048000</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:Blocked>false</q1:Blocked>
+      </Extension>
+      <Name>Security</Name>
+    </ExtensionData>
+    <ExtensionData>
+      <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Auditing" xsi:type="q2:AuditSettings">
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Credential Validation</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923f-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Kerberos Authentication Service</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9242-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Kerberos Service Ticket Operations</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9240-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Account Logon Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9241-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Application Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9239-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Computer Account Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9236-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Distribution Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9238-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Account Management Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923a-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9237-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit User Account Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9235-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit PNP Activity</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9248-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Process Creation</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922b-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit RPC Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922e-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Token Right Adjusted</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce924a-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Directory Service Changes</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923c-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Account Lockout</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9217-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Group Membership</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9249-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Logoff</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9216-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Logon</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9215-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Network Policy Server</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9243-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Logon/Logoff Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce921c-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Special Logon</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce921b-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Application Generated</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9222-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Certification Services</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9221-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Detailed File Share</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9244-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit File Share</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9224-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Removable Storage</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9245-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit SAM</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9220-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Audit Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922f-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Authentication Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9230-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Authorization Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9231-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Filtering Platform Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9233-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Sensitive Privilege Use</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9228-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit IPsec Driver</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9213-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other System Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9214-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>2</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security State Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9210-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security System Extension</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9211-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit System Integrity</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9212-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+      </Extension>
+      <Name>Advanced Audit Configuration</Name>
+    </ExtensionData>
+    <ExtensionData>
+      <Extension xmlns:q3="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q3:RegistrySettings">
+        <q3:Policy>
+          <q3:Name>Include command line in process creation events</q3:Name>
+          <q3:State>Enabled</q3:State>
+          <q3:Explain>This policy setting determines what information is logged in security audit events when a new process has been created.
+
+This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+
+If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.
+
+Default: Not configured
+
+Note: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
+      </q3:Explain>
+          <q3:Supported>At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1</q3:Supported>
+          <q3:Category>System/Audit Process Creation</q3:Category>
+        </q3:Policy>
+        <q3:Blocked>false</q3:Blocked>
+      </Extension>
+      <Name>Registry</Name>
+    </ExtensionData>
+  </Computer>
+  <User>
+    <VersionDirectory>1</VersionDirectory>
+    <VersionSysvol>1</VersionSysvol>
+    <Enabled>true</Enabled>
+    <ExtensionData>
+      <Extension xmlns:q4="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q4:RegistrySettings">
+        <q4:Policy>
+          <q4:Name>Turn on Module Logging</q4:Name>
+          <q4:State>Enabled</q4:State>
+          <q4:Explain>
+        This policy setting allows you to turn on logging for Windows PowerShell modules.
+
+        If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+
+        If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.
+
+        If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+
+        To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
+
+        Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+      </q4:Explain>
+          <q4:Supported>At least Microsoft Windows 7 or Windows Server 2008 family</q4:Supported>
+          <q4:Category>Windows Components/Windows PowerShell</q4:Category>
+          <q4:Text>
+            <q4:Name>To turn on logging for one or more modules, click Show, and then type the module names in the list. Wildcards are supported.</q4:Name>
+          </q4:Text>
+          <q4:ListBox>
+            <q4:Name>Module Names</q4:Name>
+            <q4:State>Enabled</q4:State>
+            <q4:ExplicitValue>false</q4:ExplicitValue>
+            <q4:Additive>false</q4:Additive>
+            <q4:Value>
+              <q4:Element>
+                <q4:Data>*</q4:Data>
+              </q4:Element>
+            </q4:Value>
+          </q4:ListBox>
+          <q4:Text>
+            <q4:Name>To turn on logging for the Windows PowerShell core modules, type the following module names in the list:</q4:Name>
+          </q4:Text>
+          <q4:Text>
+            <q4:Name>Microsoft.PowerShell.*</q4:Name>
+          </q4:Text>
+          <q4:Text>
+            <q4:Name>Microsoft.WSMan.Management</q4:Name>
+          </q4:Text>
+        </q4:Policy>
+        <q4:Policy>
+          <q4:Name>Turn on PowerShell Script Block Logging</q4:Name>
+          <q4:State>Enabled</q4:State>
+          <q4:Explain>
+        This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,
+        Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
+        
+        If you disable this policy setting, logging of PowerShell script input is disabled.
+        
+        If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
+        starts or stops. Enabling Invocation Logging generates a high volume of event logs.
+        
+        Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+      </q4:Explain>
+          <q4:Supported>At least Microsoft Windows 7 or Windows Server 2008 family</q4:Supported>
+          <q4:Category>Windows Components/Windows PowerShell</q4:Category>
+          <q4:CheckBox>
+            <q4:Name>Log script block invocation start / stop events:</q4:Name>
+            <q4:State>Enabled</q4:State>
+          </q4:CheckBox>
+        </q4:Policy>
+        <q4:Blocked>false</q4:Blocked>
+      </Extension>
+      <Name>Registry</Name>
+    </ExtensionData>
+  </User>
+</GPO>
diff --git a/GPO Files/Logmira-gpreport.xml b/GPO Files/Logmira-gpreport.xml
new file mode 100644
index 0000000..9138e10
--- /dev/null
+++ b/GPO Files/Logmira-gpreport.xml	
@@ -0,0 +1,493 @@
+<?xml version="1.0" encoding="utf-16"?>
+<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
+  <Identifier>
+    <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{C0F30034-879B-44B0-BC8C-AEDCFB1BCA8F}</Identifier>
+    <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">miratime.org</Domain>
+  </Identifier>
+  <Name>Logmira</Name>
+  <IncludeComments>true</IncludeComments>
+  <CreatedTime>2021-09-29T14:25:33</CreatedTime>
+  <ModifiedTime>2022-03-09T17:37:58</ModifiedTime>
+  <ReadTime>2022-03-09T17:41:58.5089043Z</ReadTime>
+  <SecurityDescriptor>
+    <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2080119107-79042430-4151486730-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
+    <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+      <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+    </Owner>
+    <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+      <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+    </Group>
+    <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
+    <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
+      <InheritsFromParent>false</InheritsFromParent>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-519</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Enterprise Admins</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+      <TrusteePermissions>
+        <Trustee>
+          <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2080119107-79042430-4151486730-512</SID>
+          <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">MIRATIME\Domain Admins</Name>
+        </Trustee>
+        <Type xsi:type="PermissionType">
+          <PermissionType>Allow</PermissionType>
+        </Type>
+        <Inherited>false</Inherited>
+        <Applicability>
+          <ToSelf>true</ToSelf>
+          <ToDescendantObjects>false</ToDescendantObjects>
+          <ToDescendantContainers>true</ToDescendantContainers>
+          <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
+        </Applicability>
+        <Standard>
+          <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
+        </Standard>
+        <AccessMask>0</AccessMask>
+      </TrusteePermissions>
+    </Permissions>
+    <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
+  </SecurityDescriptor>
+  <FilterDataAvailable>true</FilterDataAvailable>
+  <Computer>
+    <VersionDirectory>2</VersionDirectory>
+    <VersionSysvol>2</VersionSysvol>
+    <Enabled>true</Enabled>
+    <ExtensionData>
+      <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
+        <q1:SecurityOptions>
+          <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy</q1:KeyName>
+          <q1:SettingNumber>1</q1:SettingNumber>
+          <q1:Display>
+            <q1:Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</q1:Name>
+            <q1:Units />
+            <q1:DisplayBoolean>true</q1:DisplayBoolean>
+          </q1:Display>
+        </q1:SecurityOptions>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>Application</q1:Log>
+          <q1:SettingNumber>16384</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>System</q1:Log>
+          <q1:SettingNumber>16384</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:EventLog>
+          <q1:Name>MaximumLogSize</q1:Name>
+          <q1:Log>Security</q1:Log>
+          <q1:SettingNumber>2048000</q1:SettingNumber>
+        </q1:EventLog>
+        <q1:Blocked>false</q1:Blocked>
+      </Extension>
+      <Name>Security</Name>
+    </ExtensionData>
+    <ExtensionData>
+      <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Auditing" xsi:type="q2:AuditSettings">
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Credential Validation</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923f-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Kerberos Authentication Service</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9242-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Kerberos Service Ticket Operations</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9240-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Account Logon Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9241-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Application Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9239-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Computer Account Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9236-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Distribution Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9238-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Account Management Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923a-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security Group Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9237-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit User Account Management</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9235-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit PNP Activity</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9248-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Process Creation</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922b-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit RPC Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922e-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Token Right Adjusted</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce924a-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Directory Service Changes</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce923c-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Account Lockout</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9217-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Group Membership</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9249-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Logoff</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9216-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Logon</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9215-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Network Policy Server</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9243-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other Logon/Logoff Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce921c-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Special Logon</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce921b-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Application Generated</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9222-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Certification Services</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9221-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit File Share</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9224-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Removable Storage</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9245-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit SAM</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9220-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Audit Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce922f-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Authentication Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9230-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Authorization Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9231-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Filtering Platform Policy Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9233-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Sensitive Privilege Use</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9228-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit IPsec Driver</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9213-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>1</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Other System Events</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9214-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>2</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security State Change</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9210-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit Security System Extension</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9211-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+        <q2:AuditSetting>
+          <q2:PolicyTarget>System</q2:PolicyTarget>
+          <q2:SubcategoryName>Audit System Integrity</q2:SubcategoryName>
+          <q2:SubcategoryGuid>{0cce9212-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid>
+          <q2:SettingValue>3</q2:SettingValue>
+        </q2:AuditSetting>
+      </Extension>
+      <Name>Advanced Audit Configuration</Name>
+    </ExtensionData>
+    <ExtensionData>
+      <Extension xmlns:q3="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q3:RegistrySettings">
+        <q3:Policy>
+          <q3:Name>Include command line in process creation events</q3:Name>
+          <q3:State>Enabled</q3:State>
+          <q3:Explain>This policy setting determines what information is logged in security audit events when a new process has been created.
+
+This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+
+If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.
+
+Default: Not configured
+
+Note: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
+      </q3:Explain>
+          <q3:Supported>At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1</q3:Supported>
+          <q3:Category>System/Audit Process Creation</q3:Category>
+        </q3:Policy>
+        <q3:Blocked>false</q3:Blocked>
+      </Extension>
+      <Name>Registry</Name>
+    </ExtensionData>
+  </Computer>
+  <User>
+    <VersionDirectory>1</VersionDirectory>
+    <VersionSysvol>1</VersionSysvol>
+    <Enabled>true</Enabled>
+    <ExtensionData>
+      <Extension xmlns:q4="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q4:RegistrySettings">
+        <q4:Policy>
+          <q4:Name>Turn on Module Logging</q4:Name>
+          <q4:State>Enabled</q4:State>
+          <q4:Explain>
+        This policy setting allows you to turn on logging for Windows PowerShell modules.
+
+        If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+
+        If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.
+
+        If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+
+        To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
+
+        Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+      </q4:Explain>
+          <q4:Supported>At least Microsoft Windows 7 or Windows Server 2008 family</q4:Supported>
+          <q4:Category>Windows Components/Windows PowerShell</q4:Category>
+          <q4:Text>
+            <q4:Name>To turn on logging for one or more modules, click Show, and then type the module names in the list. Wildcards are supported.</q4:Name>
+          </q4:Text>
+          <q4:ListBox>
+            <q4:Name>Module Names</q4:Name>
+            <q4:State>Enabled</q4:State>
+            <q4:ExplicitValue>false</q4:ExplicitValue>
+            <q4:Additive>false</q4:Additive>
+            <q4:Value>
+              <q4:Element>
+                <q4:Data>*</q4:Data>
+              </q4:Element>
+            </q4:Value>
+          </q4:ListBox>
+          <q4:Text>
+            <q4:Name>To turn on logging for the Windows PowerShell core modules, type the following module names in the list:</q4:Name>
+          </q4:Text>
+          <q4:Text>
+            <q4:Name>Microsoft.PowerShell.*</q4:Name>
+          </q4:Text>
+          <q4:Text>
+            <q4:Name>Microsoft.WSMan.Management</q4:Name>
+          </q4:Text>
+        </q4:Policy>
+        <q4:Policy>
+          <q4:Name>Turn on PowerShell Script Block Logging</q4:Name>
+          <q4:State>Enabled</q4:State>
+          <q4:Explain>
+        This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,
+        Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
+        
+        If you disable this policy setting, logging of PowerShell script input is disabled.
+        
+        If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
+        starts or stops. Enabling Invocation Logging generates a high volume of event logs.
+        
+        Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+      </q4:Explain>
+          <q4:Supported>At least Microsoft Windows 7 or Windows Server 2008 family</q4:Supported>
+          <q4:Category>Windows Components/Windows PowerShell</q4:Category>
+          <q4:CheckBox>
+            <q4:Name>Log script block invocation start / stop events:</q4:Name>
+            <q4:State>Enabled</q4:State>
+          </q4:CheckBox>
+        </q4:Policy>
+        <q4:Blocked>false</q4:Blocked>
+      </Extension>
+      <Name>Registry</Name>
+    </ExtensionData>
+  </User>
+  <LinksTo>
+    <SOMName>miratime</SOMName>
+    <SOMPath>miratime.org</SOMPath>
+    <Enabled>true</Enabled>
+    <NoOverride>false</NoOverride>
+  </LinksTo>
+</GPO>
diff --git a/GPO Files/manifest.xml b/GPO Files/Logmira-manifest.xml
similarity index 94%
rename from GPO Files/manifest.xml
rename to GPO Files/Logmira-manifest.xml
index 52d6fed..430fdb2 100644
--- a/GPO Files/manifest.xml	
+++ b/GPO Files/Logmira-manifest.xml	
@@ -1 +1 @@
-<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst><GPOGuid><![CDATA[{C0F30034-879B-44B0-BC8C-AEDCFB1BCA8F}]]></GPOGuid><GPODomain><![CDATA[miratime.org]]></GPODomain><GPODomainGuid><![CDATA[{c992551c-902d-48a9-8ba9-9778bf537a67}]]></GPODomainGuid><GPODomainController><![CDATA[Blu-DC00.miratime.org]]></GPODomainController><BackupTime><![CDATA[2022-03-09T17:41:58]]></BackupTime><ID><![CDATA[{F0D0EA44-1516-469C-AB72-79E4E2668DFA}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Logmira]]></GPODisplayName></BackupInst></Backups>
\ No newline at end of file
+<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst><GPOGuid><![CDATA[{C0F30034-879B-44B0-BC8C-AEDCFB1BCA8F}]]></GPOGuid><GPODomain><![CDATA[miratime.org]]></GPODomain><GPODomainGuid><![CDATA[{c992551c-902d-48a9-8ba9-9778bf537a67}]]></GPODomainGuid><GPODomainController><![CDATA[Blu-DC00.miratime.org]]></GPODomainController><BackupTime><![CDATA[2022-03-09T17:41:58]]></BackupTime><ID><![CDATA[{F0D0EA44-1516-469C-AB72-79E4E2668DFA}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Logmira]]></GPODisplayName></BackupInst></Backups>
diff --git a/GPO Files/gpreport.xml b/GPO Files/gpreport.xml
deleted file mode 100644
index cdefca5..0000000
Binary files a/GPO Files/gpreport.xml and /dev/null differ