
Friday, August 13, 2010

configure audit policy

Auditpol


This command is new to Windows Server 2008 and Vista and is required for querying or configuring audit policy at the subcategory level. Before using this command to configure subcategories, make sure you enable the security option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings". Without it, category-level audit settings delivered by policy can overwrite the subcategory settings you apply with auditpol.

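This command is the only way you can configure audit policy at the subcategory level (Group Policy only allows you to configure audit policy at the category level; this describes Windows Server 2008 and Vista, and later releases starting with Windows 7 and Windows Server 2008 R2 also expose the subcategories in Group Policy under Advanced Audit Policy Configuration). Furthermore, auditpol does not accept a computer name for remotely configuring audit policy on another computer on the network; instead you must execute auditpol locally on each system.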

To see the full syntax for this command run "auditpol /?" at the command line.

To get a listing of all categories and their subcategories, run:

auditpol /list /subcategory:*

To display the current audit policy for all subcategories run:

auditpol /get /category:*

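Here's an example of enabling the File System subcategory for success and failure. Enabling the subcategory alone does not log anything: events are generated only for files and folders that also have an auditing entry (SACL) configured.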

AUDITPOL /SET /SUBCATEGORY:"file system" /SUCCESS:ENABLE /FAILURE:ENABLE

SET ADMIN ONLY ACCESS PERMISSION ON A FILE

namespace PermissionTest
{

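/// <summary>
/// Restricts a file to administrators by adding a Deny/FullControl entry to its
/// ACL for every local account that is not a member of the local Administrators
/// group.
/// </summary>
/// <remarks>
/// This is a deny-list built from a snapshot of the local accounts that exist
/// when the constructor runs. Accounts created later, and domain accounts
/// (which are not enumerated here), get no Deny entry and keep whatever access
/// the file's existing ACL already grants them. A Deny entry also outranks any
/// Allow entry, so an account that is added to Administrators afterwards stays
/// locked out until its Deny entry is removed.
/// </remarks>
public class PermissionControl
{
    // Names of all local user accounts (short names, no machine prefix).
    List<string> usernames = new List<string>();

    // Names of the members of the local Administrators group (short names).
    List<string> adminusers = new List<string>();

    // File whose ACL is modified.
    string file_path = "C:\\TEXT1.txt";

    /// <summary>
    /// Enumerates local users and administrators, then applies the Deny entries
    /// to <c>file_path</c>. If either enumeration fails, or no administrator is
    /// found, the ACL is left untouched.
    /// </summary>
    public PermissionControl()
    {
        try
        {
            GetALLUsersList();
            Load_Admin_Users();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.ToString());
            // Do not continue with partial data: an incomplete administrators
            // list would cause Deny entries to be written for administrators.
            return;
        }

        if (adminusers.Count == 0)
        {
            // With an empty administrators list every enumerated account would
            // be denied, locking everyone out of the file.
            MessageBox.Show("No members of the local Administrators group were found; the ACL was left unchanged.", "Test");
            return;
        }

        RemoveAccess(file_path);
    }

    /// <summary>
    /// Fills <c>usernames</c> with the name of every entry of schema class
    /// "User" found under the local machine's WinNT provider path.
    /// </summary>
    private void GetALLUsersList()
    {
        using (DirectoryEntry directoryEntry = new DirectoryEntry("WinNT://" + Environment.MachineName))
        {
            foreach (DirectoryEntry child in directoryEntry.Children)
            {
                try
                {
                    if (child.SchemaClassName == "User")
                    {
                        usernames.Add(child.Name);
                    }
                }
                finally
                {
                    // Each child wraps a directory object and must be released.
                    child.Dispose();
                }
            }
        }
    }

    /// <summary>
    /// Fills <c>adminusers</c> with the names of the members of the local
    /// Administrators group.
    /// </summary>
    /// <remarks>
    /// Only the short member name is stored, so the machine or domain the
    /// member belongs to is lost; a domain account in the group with the same
    /// short name as a local account makes that local account count as an
    /// administrator here. NOTE(review): the group is looked up by its English
    /// name; confirm this resolves on localized Windows installations.
    /// </remarks>
    private void Load_Admin_Users()
    {
        using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
        {
            foreach (object member in (IEnumerable)groupEntry.Invoke("Members"))
            {
                using (DirectoryEntry memberEntry = new DirectoryEntry(member))
                {
                    adminusers.Add(memberEntry.Name);
                }
            }
        }
    }

    /// <summary>
    /// Reports whether <paramref name="accountName"/> appears in
    /// <c>adminusers</c>. Windows account names are not case-sensitive, so the
    /// comparison ignores case.
    /// </summary>
    private bool IsAdministrator(string accountName)
    {
        foreach (string admin in adminusers)
        {
            if (string.Equals(admin, accountName, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Adds a Deny/FullControl rule to the file's ACL for every enumerated
    /// local account that is not an administrator, then writes the ACL back.
    /// </summary>
    /// <param name="FilePath">Path of the file whose ACL is modified.</param>
    private void RemoveAccess(string FilePath)
    {
        int rulesAdded = 0;
        int accountsFailed = 0;
        bool aclWritten = false;

        try
        {
            FileSecurity fs = File.GetAccessControl(FilePath);

            foreach (string uname in usernames)
            {
                if (IsAdministrator(uname))
                {
                    continue;
                }

                try
                {
                    // The accounts were enumerated from the local machine, so
                    // qualify them with the machine name. The logged-on user's
                    // domain (Environment.UserDomainName) is a different
                    // authority when the caller signed in with a domain
                    // account and could name another account entirely.
                    fs.AddAccessRule(new FileSystemAccessRule(Environment.MachineName + "\\" + uname, FileSystemRights.FullControl, AccessControlType.Deny));
                    rulesAdded++;
                }
                catch (Exception ex)
                {
                    // One account that cannot be resolved must not stop the
                    // remaining accounts from being processed.
                    accountsFailed++;
                    MessageBox.Show(ex.ToString());
                }
            }

            if (rulesAdded > 0)
            {
                // Write the ACL once, after all rules have been collected.
                File.SetAccessControl(FilePath, fs);
            }

            aclWritten = true;
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.ToString());
        }

        // Report success only when the ACL was written and no account was skipped.
        if (aclWritten && accountsFailed == 0)
        {
            MessageBox.Show("Admin Permissions applied.", "Test");
        }
        else if (aclWritten)
        {
            MessageBox.Show("Admin permissions applied, but " + accountsFailed + " account(s) could not be processed.", "Test");
        }
    }
}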

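/// <summary>
/// Application entry point: makes sure the log file exists, then applies the
/// administrator-only permissions by constructing <c>PermissionControl</c>.
/// </summary>
static class Program
{
    // Log file next to the executable. The code shown here only creates it
    // and does not write to it.
    static string LogFile = Path.Combine(Application.StartupPath, "LogFile.txt");

    /// <summary>
    /// The main entry point for the application.
    /// </summary>
    [STAThread]
    static void Main()
    {
        // Create the log file if it is missing. OpenOrCreate avoids a separate
        // exists-then-create check, and disposing the stream releases the
        // handle, which File.Create would otherwise keep open and locked.
        using (File.Open(LogFile, FileMode.OpenOrCreate))
        {
        }

        // The constructor performs the enumeration and the ACL change.
        new PermissionControl();
    }
}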
}