Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Unable to set audit policy

Posted on 2016-09-21
4
Medium Priority
?
87 Views
Last Modified: 2016-09-27
Hi, Help I am trying to set Account Management subcategories Audit Policies from a command prompt using the an auditpol batch file. I run the CMD prompt as local administrator and for each audit policy in the batch file I get the following error;
"Error 0x00000522 occurred:
A required privilege is not held by the client."

example  command Auditpol /set /category:"Account Management" /subcategory:"User Account Management" /success:enable

The OS is Windows Server 2008 SP2
I am logging on with local admin
The server is not on a domain
Audit-Pol-Command-Prompt-text.txt
0
Comment
Question by:EL Gato
  • 2
  • 2
4 Comments
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 2000 total points
ID: 41809290
Hi.

Let's follow the error message. The privilege that it's talking about might be
Manage auditing and security log

This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.

This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured.

Find it in secpol.msc - local policies - user rights assignment
1
 

Accepted Solution

by:
EL Gato earned 0 total points
ID: 41810738
I created a group and named it Auditors, added Administrator account to the Auditors group. then in Local Security Policy> Local Policies> User Rights Assignment> Manage auditing and security log, I added the Auditors group. This worked like a charm however, I don't understand why it would not work when the Administrators group had permissions to "Manage auditing and security log" it only worked when Auditors group had permissions to "Manage auditing and security log". Things that make you go Hmmm.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 41810898
Reason: Could it be that you didn't elevate the command prompt? Only an elevated command prompt will really treat you as an admin.
0
 

Author Closing Comment

by:EL Gato
ID: 41817539
Thanks to McKnife for putting me on the right trail. The key seemed to be creating a group called Auditors and adding admins to that group once the group was added to Manage auditing and security log the script ran without an error.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question