Solved

Unable to set audit policy

Posted on 2016-09-21
4
21 Views
Last Modified: 2016-09-27
Hi, Help I am trying to set Account Management subcategories Audit Policies from a command prompt using the an auditpol batch file. I run the CMD prompt as local administrator and for each audit policy in the batch file I get the following error;
"Error 0x00000522 occurred:
A required privilege is not held by the client."

example  command Auditpol /set /category:"Account Management" /subcategory:"User Account Management" /success:enable

The OS is Windows Server 2008 SP2
I am logging on with local admin
The server is not on a domain
Audit-Pol-Command-Prompt-text.txt
0
Comment
Question by:EL Gato
  • 2
  • 2
4 Comments
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 41809290
Hi.

Let's follow the error message. The privilege that it's talking about might be
Manage auditing and security log

This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.

This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured.

Find it in secpol.msc - local policies - user rights assignment
1
 

Accepted Solution

by:
EL Gato earned 0 total points
ID: 41810738
I created a group and named it Auditors, added Administrator account to the Auditors group. then in Local Security Policy> Local Policies> User Rights Assignment> Manage auditing and security log, I added the Auditors group. This worked like a charm however, I don't understand why it would not work when the Administrators group had permissions to "Manage auditing and security log" it only worked when Auditors group had permissions to "Manage auditing and security log". Things that make you go Hmmm.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41810898
Reason: Could it be that you didn't elevate the command prompt? Only an elevated command prompt will really treat you as an admin.
0
 

Author Closing Comment

by:EL Gato
ID: 41817539
Thanks to McKnife for putting me on the right trail. The key seemed to be creating a group called Auditors and adding admins to that group once the group was added to Manage auditing and security log the script ran without an error.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now