?
Solved

Enable Auditing on specific Directories via GPO

Posted on 2014-11-21
1
Medium Priority
?
378 Views
Last Modified: 2014-11-21
I need to enable auditing on specific directories on about 500 servers.

Directories:

%systemroot%\
%systemroot%\repair
%systemroot%\config
%systemroot%\system32
%systemroot%\system32\drivers


I know how to configure each server manually/enable auditing on a specific directory. However, would I perform this via GPO on a massive scale?

many thx

t
0
Comment
Question by:tobe1424
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
Asif Bacchus earned 2000 total points
ID: 40458158
I think your best bet would be to create a Security Template and deploy that via Group Policy to the OU(s) with your servers.

Open MMC and add the Security Template snap-in.  Under Security Templates, you'll see <Username>\Documents\Security\Templates.  This is where it will be stored by default, but don't worry, you can save it anywhere later.  Right-click and select New Template.  Name it, optionally give it a description, and click OK.

Expand your new template > File System.  Right-click and Add FIle.  Type %SystemRoot% in the folder box and click OK.  You'll be presented with the default Security dialog.  Click Advanced > Auditing Tab.  Now add the auditing entries you would like to setup as usual.  Also make sure you check whether or not you'd like this folder to inherit auditing permissions from its parent folder.  After clicking OK twice, you'll get the Add Object dialog box asking whether you'd like to propagate permissions.  Answer accordingly.  Now repeat this for your other folders.

Once you are done, right-click the security template and choose Save As... and save it where you'd like.  You can then delete the template in MMC.

Now, assuming you only want the auditing entries to apply (and NOT NTFS security permissions settings also), you'll want to edit the INF file.  Open the INF in your favourite text editor and delete permissions that start with "D:PAR" and leave only the ones that start with "S:AR"

Now we can deploy this with a GPO:

Create a GPO and go to Computer Configuration > Policies > Windows Settings > Security Settings.  Right-click Security Settings and choose Import Policy.  Verify that the settings are imported properly in Computer Configuration > Policies > Windows Settings > Security Settings > File System.

Now you can deploy that GPO as needed and the auditing entries will be set on the file system as you defined.  If you need to actually turn on auditing in the first place, you can find the necessary settings in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy (or use the Advanced Audit Policy Configuration).

HTH.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question