Re: Follow-up to: Windows 2000 Professional local auditing policies and Sysprep

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Derek Melber [MVP] (derekm_at_braincore.net)
Date: 03/19/04 

Date: Fri, 19 Mar 2004 09:15:01 -0700

Sure!

Use the File Permissions in the GPO where you are setting up the auditing.
It is directly below the Local Policies node. You can set up auditing on any
folder that exists on the computer. Just make sure the folder does exist, or
you will get strange results for GPO application. 

-- 
Derek Melber
BrainCore.Net
derekm@braincore.net
"Tom Kemp" <tntkemp@hotmail.com> wrote in message
news:e0giHGcDEHA.1128@TK2MSFTNGP11.phx.gbl...
> Ok, yes, it's true..the best way to set auditing policies to all of the
> workstations in this Windows 2003 domain with Windows 2000 Clients that
> we're reproducing was to use Windows Server 2003's Group Policy Editor.
>
> However, there's still one major step that I'm having issue with.  Once
the
> policy is set, We still need to configure auditing on each workstation to
> record all successes and failures of access in the security logs...special
> circumstance requirement.  At this point that means going into the
> properties of each drive letter and setting auditing for the user
'everyone'
> and selecting each and every success and failure....then applying the new
> setting to include all folders and files from the root on out.
>
> This can take a good bit of time on each drive!  Not to mention that you
> would have to keep your eye on them, as certain files can't be changed,
such
> as swap files, etc...so you have to tell it to skip/continue.
>
> Is there a better way?  If set on the master, would this setting survive a
> sysprep, or would sysprep reset this?
>
> Thank you in advance, once again!
>
>
> __________________________________________________________________ Tom
Kemp
> MCSE/CNA/A+ ICQ#: 157741210 Current ICQ status: + More ways to contact me
> __________________________________________________________________
>
>

Relevant Pages

  • Re: File Auditing with Group Policy
    ... object access auditing as you have described and a script to turn auditing ... start generating shirtloads of audit events you might blow out your logs so ... The GPO doesn't come into this though. ...
    (microsoft.public.windows.group_policy)
  • Re: File Auditing with Group Policy
    ... object access auditing as you have described and a script to turn auditing ... start generating shirtloads of audit events you might blow out your logs so ... The GPO doesn't come into this though. ...
    (microsoft.public.windows.group_policy)
  • Re: File Auditing with Group Policy
    ... You will need a GPO to enable object access auditing as you have described and a script to turn auditing of the events you are after for each object. ... So if you start generating shirtloads of audit events you might blow out your logs so that they only hold a small amount of data. ... cetain folders we and only the create/write data successes and delete success ...
    (microsoft.public.windows.group_policy)
  • Re: Auditing GPO Win2000
    ... You can audit auditing on any W2K computer either in Local Security Policy or via a ... GPO in the container where the computer resides. ... Auditing is part of "computer" configuration.--- Steve ... > All my meber servers are in an OU called Terminal Servers. ...
    (microsoft.public.win2000.group_policy)
  • Re: Enterprise file auditing
    ... First - Use auditing to monitor the modification and deletion of files on ... Third - Find a way through script or GPO to roll this out to all of our ... Cacls only does DACLs, not SACLs. ... In a GPO or security template there is a Filesystem section. ...
    (microsoft.public.windows.server.security)