Re: Enable file auditing on many servers

From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
Date: Fri, 22 Dec 2006 13:46:11 -0700

Tina,

Use the Security Template snapin to define the desired auditing.
As you discovered, attempts to set filesystem NTFS audit will
automatically define a DACL as well as the SACL you are after.
After you have saved the template, just go in with a text editor
and delete the DACL part, leaving only the SACLpart in the SDDL
generated. The template may then be imported into a GPO for broad
application. You may want to look up the syntax of SDDL on the
msdn.microsoft.com site to guide you. (Note, it is best to not
apply NTFS settings in a GPO that carries other settings, since
when these are changed, reapplication will be triggered, potentially
causing repeated, needless, filesystem passes over large storage).

Roger
"Tina Shields" <TinaShields@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:40109D01-1020-4C46-9175-C5C5EE73AD66@xxxxxxxxxxxxxxxx

I have 1,000 servers on which I want to enable file access auditing. I
tried
to use a GPO; however, this method replaced the permissions on the files.
I
want to just add auditing to the SACL.

Am I missing something in the GPO? Can I use a registry key to turn this
on?

Any advice would be greatly appreciated.

Tina

Prev by Date: Port Scanning
Next by Date: Re: Enum only files/folders where explicit NTFS rights have been s
Previous by thread: Port Scanning
Next by thread: Re: Enable file auditing on many servers
Index(es):
- Date
- Thread

Relevant Pages

Re: Enterprise file auditing
... then you probably need to examine the DACL on that file. ... In that same template I also enabled GPO Computer ... First - Use auditing to monitor the modification and deletion of files ... In a GPO or security template there is a Filesystem section. ...
(microsoft.public.windows.server.security)
Re: Restricted Groups Not Working
... If the template is the issue, you can edit it and it will contain the GUID of the GPO from which it came so you can fix manually in the sysvol or via gpedit. ... I'm trying through Group policy to add a Security Group which I have created called Notts-xpadmins to the local administrators group on my xp workstations. ... Administrative privileged user logged on. ...
(microsoft.public.windows.group_policy)
Re: security template file import
... gpttmpl.inf in the secedit folder of the GPO file system folder ... > in here is a single file - GPTTMPL.INF that lists the securtiy settings ... > as i can see is a copy of an imported security settings file) - is this ... >> template outside of the GPO which you edit to contain all the security ...
(microsoft.public.win2000.security)
Re: Auto Login
... Thank you for your sharing your experience here, Derek! ... > Can I use a GPO to have a machine login automatically with a certain user ... How to Enable Automatic Logon in Windows ... The template is just text, so there is no compilation at all. ...
(microsoft.public.win2000.group_policy)
Re: updating free/busy information at the server level
... You can do this via GPO and the Outlook .adm template. ... >>> modify the free/busy information on the server level. ...
(microsoft.public.exchange.admin)