Solved

Setting "Auditing" for "Everyone" on "Failed" events.

Posted on 2009-05-19
5
836 Views
Last Modified: 2012-05-07
Basically I am looking for a programmatic method to set auditing on each disk of a system. This needs to audit for everyone on all failed events on each disk adn all sub directories and files. This is easily done via the Windows GUI with a right click on the drive letter -> security tab -> auditing tab -> add "Everyone" -> "Full Control" for the failed column on all events. However, I need to do this with a script. Batch, VBS, whatever....I have been trying to use SetACL.exe (http://setacl.sourceforge.net/html/examples.html)  for this with this command (SetACL.exe -on "C:\" -ot file -ace "n:.\Everyone;p:full;m:aud_fail;w:sacl;") but while this did "Finish Successfully" it didn't make the changes I needed.

Any thoughts?.....

Thanks in advance.
0
Comment
Question by:adamhealy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:speshalyst
ID: 24430947
This would give you a better insight about your requirement.. and other possible alternatives..
http://www.msfn.org/board/lofiversion/index.php/t65035.html
 
0
 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24509308
I've had problems with the SACL setting with the older versions of SetACL, but the latest one works as a charm. The exact same parameters work fine with me on the SetACL 2.0.3.0 with a little cleanup.
SetACL.exe -on C:\ -ot file -ace "n:Everyone;p:full;m:aud_fail;w:sacl"
Hope it helps!
Delyan
0
 
LVL 2

Author Comment

by:adamhealy
ID: 24526192
delyan valchev,

Thanks for the info. I ran the command as you demonstrated and while it did complete successfully the auditing is not showing up in the windows gui. See the attached file.

Any ideas?

-adam
W2k3-2009-06-02-08-54-12.JPG
0
 
LVL 4

Accepted Solution

by:
delyan_valchev earned 500 total points
ID: 24526277
Adam,
I think we are both blind :)
The command is nice but it is missing the action that's why it completes successfully  doing nothing. You need to add the -ACTN ACE switch to instruct SetACL to actually edit the ACLs.

Delyan
0
 
LVL 2

Author Comment

by:adamhealy
ID: 24526334
Excellent....Thanks that worked like a charm!!!!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question