Cocowalla

Asked: 2017-03-15 01:08:49 +0800 CST2017-03-15 01:08:49 +0800 CST 2017-03-15 01:08:49 +0800 CST

Set audit policy, overriding group policy

My goal is to configure advanced audit policy for file system objects on some Windows machines, such that it overrides group policy. I need this to work for both Windows Server 2008 (R1) and later editions.

From what I've read, this is possible by setting this registry value to 1:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy

And then running this command:

auditpol.exe /set /subcategory:"File System" /success:enable

Am I understanding this correctly, or can advanced auditing policy also be overriden by group policy?

* UPDATE *

I created a couple of VMs and created a test domain, to try this out. It seems it does work, but the setting Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (which controls SCENoApplyLegacyAuditPolicy) can still be disabled by group policy - and if it is, I can't figure out how to override it such that auditing isn't disabled again at the next gpupdate. Is this possible?

Set audit policy, overriding group policy

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Set audit policy, overriding group policy

0 Answers