Click here to get back home

Directory Auditing (SACLS)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Directory Auditing (SACLS) 11001010Bob 11-13-2007
Posted by 11001010Bob on November 13, 2007, 12:00 pm
Please log in for more thread options
 Due to Security requirements I have to setup and check auditing on
directories for about 40 systems. Using auditpol.exe from the Win2K Resource
Kit I can setup the System level auditing. Does anyone know of a similiar
command line tool or utility that will work with directory auditing (SACLS)?
The requirements are
1. needs to be US software(Security Req)
2. easy to obtain
3. should allow both checking the audit settings remotely and configuring
the settings remotely, or using RCMD
4. Allow use in a batch file or script

Any help or ideas is appreciated
Bob

Posted by Roger Abell [MVP] on November 13, 2007, 10:25 pm
Please log in for more thread options
 Security templates can do this, which would be great if your
machines have similar drive layouts as a group policy could
then apply broadly.
Once you have defined the security template and saved it
you would need to edit the text file to remove the DACL
part of each node for which you had defined an entry in the
template. Creating an NTFS specification in security templates
that applies only SACLs seems beyond the GUI, but once you
have removed the DACL part, they can be applied with the
Security Configuration and Analysis snapin or via import
into a GPO (but be careful there as GPOs get reapplied so
that could cause excessive reapplication).

Roger

> Due to Security requirements I have to setup and check auditing on
> directories for about 40 systems. Using auditpol.exe from the Win2K
> Resource
> Kit I can setup the System level auditing. Does anyone know of a similiar
> command line tool or utility that will work with directory auditing
> (SACLS)?
> The requirements are
> 1. needs to be US software(Security Req)
> 2. easy to obtain
> 3. should allow both checking the audit settings remotely and configuring
> the settings remotely, or using RCMD
> 4. Allow use in a batch file or script
>
> Any help or ideas is appreciated
> Bob



Posted by 11001010Bob on November 14, 2007, 12:28 pm
Please log in for more thread options
Using group policy to set the SACLS would work, although with a mix of 2003,
XP, 2000, and NT4 Ws and Srvr it doesnt always push correctly. However that
doesnt allow me to go out and check the systems remotely to ensure the
settings were pushed correctly. Thats why I'm looking for some type of
commandline tool that can go out and check all systems at once. Auditpol.exe
would be great if they had put that functionality in it.

"Roger Abell [MVP]" wrote:

> Security templates can do this, which would be great if your
> machines have similar drive layouts as a group policy could
> then apply broadly.
> Once you have defined the security template and saved it
> you would need to edit the text file to remove the DACL
> part of each node for which you had defined an entry in the
> template. Creating an NTFS specification in security templates
> that applies only SACLs seems beyond the GUI, but once you
> have removed the DACL part, they can be applied with the
> Security Configuration and Analysis snapin or via import
> into a GPO (but be careful there as GPOs get reapplied so
> that could cause excessive reapplication).
>
> Roger
>
> > Due to Security requirements I have to setup and check auditing on
> > directories for about 40 systems. Using auditpol.exe from the Win2K
> > Resource
> > Kit I can setup the System level auditing. Does anyone know of a similiar
> > command line tool or utility that will work with directory auditing
> > (SACLS)?
> > The requirements are
> > 1. needs to be US software(Security Req)
> > 2. easy to obtain
> > 3. should allow both checking the audit settings remotely and configuring
> > the settings remotely, or using RCMD
> > 4. Allow use in a batch file or script
> >
> > Any help or ideas is appreciated
> > Bob
>
>
>

Posted by Roger Abell [MVP] on November 15, 2007, 1:33 am
Please log in for more thread options
Well, I for one am not aware of tools that aim at managing
SACLs, or for that matter of many that aim at managing DACLs
broadly that actually do so in a convenient way.
Although the NT4 systems would be problematic, one can
do what you are after, both set and verify, with WMI from
script and it is remotable provided access.

Roger

> Using group policy to set the SACLS would work, although with a mix of
> 2003,
> XP, 2000, and NT4 Ws and Srvr it doesnt always push correctly. However
> that
> doesnt allow me to go out and check the systems remotely to ensure the
> settings were pushed correctly. Thats why I'm looking for some type of
> commandline tool that can go out and check all systems at once.
> Auditpol.exe
> would be great if they had put that functionality in it.
>
> "Roger Abell [MVP]" wrote:
>
>> Security templates can do this, which would be great if your
>> machines have similar drive layouts as a group policy could
>> then apply broadly.
>> Once you have defined the security template and saved it
>> you would need to edit the text file to remove the DACL
>> part of each node for which you had defined an entry in the
>> template. Creating an NTFS specification in security templates
>> that applies only SACLs seems beyond the GUI, but once you
>> have removed the DACL part, they can be applied with the
>> Security Configuration and Analysis snapin or via import
>> into a GPO (but be careful there as GPOs get reapplied so
>> that could cause excessive reapplication).
>>
>> Roger
>>
>> > Due to Security requirements I have to setup and check auditing on
>> > directories for about 40 systems. Using auditpol.exe from the Win2K
>> > Resource
>> > Kit I can setup the System level auditing. Does anyone know of a
>> > similiar
>> > command line tool or utility that will work with directory auditing
>> > (SACLS)?
>> > The requirements are
>> > 1. needs to be US software(Security Req)
>> > 2. easy to obtain
>> > 3. should allow both checking the audit settings remotely and
>> > configuring
>> > the settings remotely, or using RCMD
>> > 4. Allow use in a batch file or script
>> >
>> > Any help or ideas is appreciated
>> > Bob
>>
>>
>>



Similar ThreadsPosted
auditing active directory not working properly directory serviceaccess October 21, 2005, 7:47 pm
Linking PKI directory accounts with Active Directory? February 11, 2007, 5:29 am
Login Auditing June 17, 2005, 11:05 am
Auditing Security July 22, 2005, 1:21 pm
Auditing user OU Changes February 14, 2008, 11:48 am
Class on Rights and Auditing July 18, 2005, 11:41 am
Auditing on a member server November 9, 2005, 2:30 pm
Auditing Workstation logons from DC January 24, 2006, 7:29 pm
Auditing process kills February 28, 2007, 2:01 pm
security auditing on a share March 1, 2007, 4:13 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap