WinSecWiki
Auditpol
This command is new to Windows Server 2008 and Vista and is required for querying or configuring audit policy at the subcategory level. Before using this command to configure subcategories, make sure you enable "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings".
This command is the only way you can configure audit policy at the subcategory level (Group Policy only allows you to configure audit policy at the category level). Furthermore, auditpol does not accept a computer name for remotely configuring audit policy on another computer on the network; instead, you must execute auditpol locally on each system.
To see the full syntax for this command run "auditpol /?" at the command line.
To get a listing of all categories and their subcategories, run:
auditpol /list /subcategory:*
To display the current audit policy for all subcategories run:
auditpol /get /category:*
Here's an example of enabling the File System subcategory for success and failure:
AUDITPOL /SET /SUBCATEGORY:"file system" /SUCCESS:ENABLE /FAILURE:ENABLE
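A way to verify the result after running the commands above, as an added PowerShell example that is not part of the original article: it parses the CSV report produced by auditpol's /r switch, lists subcategories that differ from a baseline, and reads the SCENoApplyLegacyAuditPolicy registry value that backs the "Force audit policy subcategory settings" option. The function names, the baseline and the sample report rows are constructed for illustration, and the setting strings assume an English-language system.

```powershell
# Added example; function names, baseline and sample rows are constructed.
function Compare-AuditBaseline {
    param(
        # Lines from: auditpol /get /category:* /r   (blank lines are tolerated)
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $ReportCsv,
        # Subcategory name -> expected "Inclusion Setting" text
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    # Skip blank lines, then parse the CSV report into objects.
    $rows = $ReportCsv | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Baseline.Keys) {
        # -eq is case-insensitive, so "file system" matches "File System".
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { '<not reported>' }
        if ($actual -ne $Baseline[$name]) {
            [pscustomobject]@{ Subcategory = $name; Expected = $Baseline[$name]; Actual = $actual }
        }
    }
}

function Get-SubcategoryOverrideValue {
    # Returns the raw registry value (1 = option explicitly enabled), or $null if it is absent.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    if ($lsa) { $lsa.SCENoApplyLegacyAuditPolicy } else { $null }
}

# Hypothetical baseline matching the File System example above.
$baseline = @{ 'File System' = 'Success and Failure' }

# Constructed sample in the /r report layout (host name and GUIDs are placeholders).
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    ''
    'HOST01,System,File System,{00000000-0000-0000-0000-000000000001},Success,'
    'HOST01,System,Logon,{00000000-0000-0000-0000-000000000002},Success and Failure,'
)

# Offline run against the constructed sample.
Compare-AuditBaseline -ReportCsv $sample -Baseline $baseline | Format-Table -AutoSize

# Live run on the local machine, from an elevated prompt:
# Compare-AuditBaseline -ReportCsv (auditpol /get /category:* /r) -Baseline $baseline

if ((Get-SubcategoryOverrideValue) -ne 1) {
    Write-Warning 'Subcategory override is not explicitly enabled; category-level policy may replace these settings.'
}
```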
Applies To: Vista, Windows Server 2008