Re: Audit Software Restriction Policy
From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 10/08/04
- Previous message: andy smart: "Re: usb pen drives - sometimes install sometimes not"
- In reply to: Steven L Umbach: "Re: Audit Software Restriction Policy"
- Next in thread: andy smart: "Re: Audit Software Restriction Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 08 Oct 2004 21:38:34 +0100
Steven L Umbach wrote:
> I think that the events would be recorded in the application or
system log
> without enabling any more policies. I know of no specific audit
policy that
> could track that otherwise unless you want to enable auditing of object
> access on the computer and then audit folders for failure for the
execute
> permissions for files only in the apply onto selection. The problem with
> enabling auditing of object access is that a lot of events may be
recorded
> in the security log by the system for seemingly unrelated events and it
> would not work on removeable media. --- Steve
>
>
> "andy smart" <anonymus@discussions.microsoft.com> wrote in message
> news:ck5uic$gtm$1@newsfeed.th.ifl.net...
>
> Hi
>
> We now have this software restriction policy which prevents users
> running applications from various places. Not only would we like to stop
> them, we'd like to know who tried :-)
>
> How can I turn on auditing for this? I'd like it to record every time a
> user tries to run an app?
>
> tia
> andy
Something else for me to check on Monday :-)
- application/pgp-signature attachment: OpenPGP digital signature
- Previous message: andy smart: "Re: usb pen drives - sometimes install sometimes not"
- In reply to: Steven L Umbach: "Re: Audit Software Restriction Policy"
- Next in thread: andy smart: "Re: Audit Software Restriction Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
