Solved

Setting "Auditing" for "Everyone" on "Failed" events.

Posted on 2009-05-19
5
817 Views
Last Modified: 2012-05-07
Basically I am looking for a programmatic method to set auditing on each disk of a system. This needs to audit for everyone on all failed events on each disk adn all sub directories and files. This is easily done via the Windows GUI with a right click on the drive letter -> security tab -> auditing tab -> add "Everyone" -> "Full Control" for the failed column on all events. However, I need to do this with a script. Batch, VBS, whatever....I have been trying to use SetACL.exe (http://setacl.sourceforge.net/html/examples.html)  for this with this command (SetACL.exe -on "C:\" -ot file -ace "n:.\Everyone;p:full;m:aud_fail;w:sacl;") but while this did "Finish Successfully" it didn't make the changes I needed.

Any thoughts?.....

Thanks in advance.
0
Comment
Question by:adamhealy
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:speshalyst
Comment Utility
This would give you a better insight about your requirement.. and other possible alternatives..
http://www.msfn.org/board/lofiversion/index.php/t65035.html
 
0
 
LVL 4

Expert Comment

by:delyan_valchev
Comment Utility
I've had problems with the SACL setting with the older versions of SetACL, but the latest one works as a charm. The exact same parameters work fine with me on the SetACL 2.0.3.0 with a little cleanup.
SetACL.exe -on C:\ -ot file -ace "n:Everyone;p:full;m:aud_fail;w:sacl"
Hope it helps!
Delyan
0
 
LVL 2

Author Comment

by:adamhealy
Comment Utility
delyan valchev,

Thanks for the info. I ran the command as you demonstrated and while it did complete successfully the auditing is not showing up in the windows gui. See the attached file.

Any ideas?

-adam
W2k3-2009-06-02-08-54-12.JPG
0
 
LVL 4

Accepted Solution

by:
delyan_valchev earned 500 total points
Comment Utility
Adam,
I think we are both blind :)
The command is nice but it is missing the action that's why it completes successfully  doing nothing. You need to add the -ACTN ACE switch to instruct SetACL to actually edit the ACLs.

Delyan
0
 
LVL 2

Author Comment

by:adamhealy
Comment Utility
Excellent....Thanks that worked like a charm!!!!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now