Auditpol
This command is new to Windows Server 2008 and Vista and is required for querying or configuring audit policy at the subcategory level. Before using this command to configure subcategories make sure you enable "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings".
This command is the only way you can configure audit policy at the subcategory level (Group Policy only allows you to configure audit policy at the category level). Furthermore auditpol does not accept a computer name for remotely configuring audit policy on another computer on the network; instead you must execute auditpol locally on each system.
To see the full syntax for this command run "auditpol /?" at the command line.
To get a listing of all categories and their subcategories, run:
auditpol /list /subcategory:*
To display the current audit policy for all subcategories run:
auditpol /get /category:*
Here's an example of enabling the File System subcategory for success and failure:
AUDITPOL /SET /SUBCATEGORY:"file system" /SUCCESS:ENABLE /FAILURE:ENABLE
This command is the only way you can configure audit policy at the subcategory level (Group Policy only allows you to configure audit policy at the category level). Furthermore auditpol does not accept a computer name for remotely configuring audit policy on another computer on the network; instead you must execute auditpol locally on each system.
To see the full syntax for this command run "auditpol /?" at the command line.
To get a listing of all categories and their subcategories, run:
auditpol /list /subcategory:*
To display the current audit policy for all subcategories run:
auditpol /get /category:*
Here's an example of enabling the File System subcategory for success and failure:
AUDITPOL /SET /SUBCATEGORY:"file system" /SUCCESS:ENABLE /FAILURE:ENABLE
No comments:
Post a Comment