?
Solved

Enable Auditing on specific Directories via GPO

Posted on 2014-11-21
1
Medium Priority
?
410 Views
Last Modified: 2014-11-21
I need to enable auditing on specific directories on about 500 servers.

Directories:

%systemroot%\
%systemroot%\repair
%systemroot%\config
%systemroot%\system32
%systemroot%\system32\drivers


I know how to configure each server manually/enable auditing on a specific directory. However, would I perform this via GPO on a massive scale?

many thx

t
0
Comment
Question by:tobe1424
1 Comment
 
LVL 6

Accepted Solution

by:
Asif Bacchus earned 2000 total points
ID: 40458158
I think your best bet would be to create a Security Template and deploy that via Group Policy to the OU(s) with your servers.

Open MMC and add the Security Template snap-in.  Under Security Templates, you'll see <Username>\Documents\Security\Templates.  This is where it will be stored by default, but don't worry, you can save it anywhere later.  Right-click and select New Template.  Name it, optionally give it a description, and click OK.

Expand your new template > File System.  Right-click and Add FIle.  Type %SystemRoot% in the folder box and click OK.  You'll be presented with the default Security dialog.  Click Advanced > Auditing Tab.  Now add the auditing entries you would like to setup as usual.  Also make sure you check whether or not you'd like this folder to inherit auditing permissions from its parent folder.  After clicking OK twice, you'll get the Add Object dialog box asking whether you'd like to propagate permissions.  Answer accordingly.  Now repeat this for your other folders.

Once you are done, right-click the security template and choose Save As... and save it where you'd like.  You can then delete the template in MMC.

Now, assuming you only want the auditing entries to apply (and NOT NTFS security permissions settings also), you'll want to edit the INF file.  Open the INF in your favourite text editor and delete permissions that start with "D:PAR" and leave only the ones that start with "S:AR"

Now we can deploy this with a GPO:

Create a GPO and go to Computer Configuration > Policies > Windows Settings > Security Settings.  Right-click Security Settings and choose Import Policy.  Verify that the settings are imported properly in Computer Configuration > Policies > Windows Settings > Security Settings > File System.

Now you can deploy that GPO as needed and the auditing entries will be set on the file system as you defined.  If you need to actually turn on auditing in the first place, you can find the necessary settings in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy (or use the Advanced Audit Policy Configuration).

HTH.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question