Solved

Unable to set audit policy

Posted on 2016-09-21
4
41 Views
Last Modified: 2016-09-27
Hi, Help I am trying to set Account Management subcategories Audit Policies from a command prompt using the an auditpol batch file. I run the CMD prompt as local administrator and for each audit policy in the batch file I get the following error;
"Error 0x00000522 occurred:
A required privilege is not held by the client."

example  command Auditpol /set /category:"Account Management" /subcategory:"User Account Management" /success:enable

The OS is Windows Server 2008 SP2
I am logging on with local admin
The server is not on a domain
Audit-Pol-Command-Prompt-text.txt
0
Comment
Question by:EL Gato
  • 2
  • 2
4 Comments
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 41809290
Hi.

Let's follow the error message. The privilege that it's talking about might be
Manage auditing and security log

This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.

This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured.

Find it in secpol.msc - local policies - user rights assignment
1
 

Accepted Solution

by:
EL Gato earned 0 total points
ID: 41810738
I created a group and named it Auditors, added Administrator account to the Auditors group. then in Local Security Policy> Local Policies> User Rights Assignment> Manage auditing and security log, I added the Auditors group. This worked like a charm however, I don't understand why it would not work when the Administrators group had permissions to "Manage auditing and security log" it only worked when Auditors group had permissions to "Manage auditing and security log". Things that make you go Hmmm.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41810898
Reason: Could it be that you didn't elevate the command prompt? Only an elevated command prompt will really treat you as an admin.
0
 

Author Closing Comment

by:EL Gato
ID: 41817539
Thanks to McKnife for putting me on the right trail. The key seemed to be creating a group called Auditors and adding admins to that group once the group was added to Manage auditing and security log the script ran without an error.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question