Solved

How do I enable file system auditing via VBS?

Posted on 2010-09-07
5
688 Views
Last Modified: 2012-05-10
Hi Everyone,

I'm looking to enable file system auditing for all local administrators across a very large number of windows servers (2000/2003/2008) and need to know if this can be scripted (VBS preferred). I have created and exported a security INF profile and know this can be imported on a server to apply changes. But since I need to apply these settings on a large number of systems, importing this INF on each server is not going to be feasible.

Please help.

Thanks!
0
Comment
Question by:jspirko
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 33623230
Hi, it would probably be easiest to automate the install of the INF onto each server.  What is the comand that you use to do this?  We could probably just put that command in a central batch file, then use PSExec to run the batch file on each server...

Regards,

Rob.
0
 

Author Comment

by:jspirko
ID: 33626944
On a test machine I modified the local security policy with the settings that I needed. Then I export the security settings to an INF file (Local Security Policy > Security Settings > Right-Click > Export Policy). Then on the target server I can import the INF file (Local Security Policy > Security Settings > Right-Click > Import Policy).

So far I've done this manually as stated above. If there is a way to automate this that would be great.

Thanks,

Jason
0
 

Author Comment

by:jspirko
ID: 33626960
I'm not worried how to deploy the script to the servers. We have HP Opsware in our environment that we can use to push the script out.

~ Jason
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33632618
OK, it looks like SecEdit will be the tool for this job, but I can't see the different between the /configure and /import options.

I have a feeling you're more after the /configure option though.  There's a few deployment methods here that should help you.  It appears you can use the secedit command rolled out to import the settings, or even use GPO.
http://www.windowsecurity.com/articles/Baselining-Security-Templates.html

Another document here might give you more info:
http://www.governmentsecurity.org/articles/step-by-step-guide-using-security-configuration-toolset.html

But that should get you well on the way, as long as you can figure out the secedit command.

Regards,

Rob.
0
 

Author Comment

by:jspirko
ID: 33775516
Thanks. I used the following SecEdit command to import the security template:

Secedit /configure /db secedit.sdb /cfg"c:\temp\custom.inf"
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Logon script fails 23 71
Consolidation of Worksheet into a final worksheet 4 60
how to loop through and process two columns in excel 8 72
How to set PAUSE for this script ? 5 24
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question