Solved

Auditing %SystemRoot%\system32 or c:\windows\system32 Files

Posted on 2009-07-06
Last Modified: 2012-05-07
I have two questions for this subject:

1.  What is the difference between the SystemRoot location and the "windows" location?

2.  If I need to set auditing for specific files within the \system32 directory, does it matter if I set it through SystemRoot or in the \system32 directory?
0
Question by:myoutback

Accepted Solution

by:
PlusIT earned 125 total points
ID: 24784982
1.  The difference is that SystemRoot is a variable pointing to your Windows installation. Not everyone installs to c:\windows; by using, for example, %systemroot%\system32 you are sure you can browse to the system32 folder even if your Windows is not installed on C.
Try this by opening a cmd shell and echoing the variable with the command: echo %SYSTEMROOT%

2.  Try to use variables as much as you can.
0
 

Author Comment

by:myoutback
ID: 24793821
Thanks for the explanation.

If I wanted to set auditing to %SystemRoot%\system32\activeds.dll from the cmd shell, what would it look like?
0
 

Assisted Solution

by:PlusIT
PlusIT earned 125 total points
ID: 24801766
I'm not sure tbh, I've never done it myself. Maybe this can help you:
http://technet.microsoft.com/en-ca/magazine/2008.08.scom.aspx
0
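
An added example, not part of the original thread: one way to set an audit entry (SACL) on %SystemRoot%\system32\activeds.dll from a shell, using PowerShell rather than cmd. It assumes an elevated Windows PowerShell 5.1 session; the audited rights and the Everyone principal are illustrative choices, not values from the thread.

```powershell
# Added example. Assumes an elevated Windows PowerShell 5.1 session.
# Resolve the file through the SystemRoot variable, as the answer recommends,
# so the path is correct even when Windows is not installed in C:\Windows.
$path = Join-Path $env:SystemRoot 'system32\activeds.dll'

# A SACL only produces events when file-system object-access auditing is on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Load only the audit section of the security descriptor, so that saving it
# later does not rewrite the file's owner or DACL.
$sections = [System.Security.AccessControl.AccessControlSections]::Audit
$acl = New-Object System.Security.AccessControl.FileSecurity($path, $sections)

# Illustrative choice: audit modification-type access by anyone.
# S-1-1-0 is the well-known SID for Everyone (independent of UI language).
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rights   = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule     = New-Object System.Security.AccessControl.FileSystemAuditRule($everyone, $rights, $flags)

# Add the rule and write back only the modified audit section.
$acl.AddAuditRule($rule)
(Get-Item -LiteralPath $path).SetAccessControl($acl)

# Read the SACL back to confirm the entry is present.
(Get-Acl -LiteralPath $path -Audit).Audit |
    Format-List IdentityReference, FileSystemRights, AuditFlags
```

On Windows Vista and later, accesses that match the entry are written to the Security event log as event ID 4663.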
