Setting "Auditing" for "Everyone" on "Failed" events.

Basically I am looking for a programmatic method to set auditing on each disk of a system. This needs to audit for everyone on all failed events on each disk adn all sub directories and files. This is easily done via the Windows GUI with a right click on the drive letter -> security tab -> auditing tab -> add "Everyone" -> "Full Control" for the failed column on all events. However, I need to do this with a script. Batch, VBS, whatever....I have been trying to use SetACL.exe (http://setacl.sourceforge.net/html/examples.html)  for this with this command (SetACL.exe -on "C:\" -ot file -ace "n:.\Everyone;p:full;m:aud_fail;w:sacl;") but while this did "Finish Successfully" it didn't make the changes I needed.

Any thoughts?.....

Thanks in advance.
LVL 2
adamhealyAsked:
Who is Participating?
 
delyan_valchevConnect With a Mentor Commented:
Adam,
I think we are both blind :)
The command is nice but it is missing the action that's why it completes successfully  doing nothing. You need to add the -ACTN ACE switch to instruct SetACL to actually edit the ACLs.

Delyan
0
 
speshalystCommented:
This would give you a better insight about your requirement.. and other possible alternatives..
http://www.msfn.org/board/lofiversion/index.php/t65035.html
 
0
 
delyan_valchevCommented:
I've had problems with the SACL setting with the older versions of SetACL, but the latest one works as a charm. The exact same parameters work fine with me on the SetACL 2.0.3.0 with a little cleanup.
SetACL.exe -on C:\ -ot file -ace "n:Everyone;p:full;m:aud_fail;w:sacl"
Hope it helps!
Delyan
0
 
adamhealyAuthor Commented:
delyan valchev,

Thanks for the info. I ran the command as you demonstrated and while it did complete successfully the auditing is not showing up in the windows gui. See the attached file.

Any ideas?

-adam
W2k3-2009-06-02-08-54-12.JPG
0
 
adamhealyAuthor Commented:
Excellent....Thanks that worked like a charm!!!!
0
All Courses

From novice to tech pro — start learning today.