JSI Tip 0253 - Set audit Policies in batch.

AUDITPOL.EXE from the

is a command-line program, requiring Administrative privledges, that will modify the audit policy of a local or remote computer.

Syntax: auditpol \[\\computer\] \[/enable | /disable\] \[/help | /?\] \[/category:type\] \[/category:type\] ...

Where:

\\computer is the name of a remote computer.
/enable enables audit (default).
/disable disables audit.
/category:type specifies what kind of events to audit:

category can be:
system: System events
logon: Logon/Logoff events
object: Object access
privilege: Use of privileges
policy: Security policy changes
sam: SAM changes

type can be:
success: Audit success events.
failure: Audit failure events.
all: Audit success and failure events.
none: Do not audit these events.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish