Friday, 18 October 2013

Auditpol Command Examples to Change Security Audit settings

Description

  This article provides step-by-step details of Auditpol command usage, with examples for getting and setting Security Audit settings at category and subcategory level (Advanced Audit Configuration).

Usage of Auditpol command:

Auditpol.exe is the command-line utility for changing Security Audit settings at category and subcategory level. It is available by default in Windows 2008 R2 and later versions and in Windows 7 and later versions. With Auditpol, we can get and set Security Audit settings at per-user level and at computer level.

Note: You should run the Auditpol command with elevated privileges (Run As Administrator).

Usage: AuditPol command [<sub-command><options>]

Commands (only one command permitted per execution)
  /?               Help (context-sensitive)
  /get             Displays the current audit policy.
  /set             Sets the audit policy.
  /list            Displays selectable policy elements.
  /backup          Saves the audit policy to a file.
  /restore         Restores the audit policy from a file.
  /clear           Clears the audit policy.
  /remove          Removes the per-user audit policy for a user account.
  /resourceSACL    Configure global resource SACLs

Auditpol Command Examples:

List all the settings:
Auditpol /get /category:*
List only the Account Management category settings:
Auditpol /get /category:"Account Management"
List only the User Account Management subcategory setting:
Auditpol /get /subcategory:"User Account Management"
Enable success auditing for the Account Management category:
Auditpol /set /category:"Account Management" /success:enable
Enable failure auditing for the Account Management category:
Auditpol /set /category:"Account Management" /failure:enable
Disable/remove success auditing for the Account Management category:
Auditpol /set /category:"Account Management" /success:disable
Disable/remove failure auditing for the Account Management category:
Auditpol /set /category:"Account Management" /failure:disable
Enable success auditing for the User Account Management subcategory only:
Auditpol /set /subcategory:"User Account Management" /success:enable
Enable failure auditing for the User Account Management subcategory only:
Auditpol /set /subcategory:"User Account Management" /failure:enable
List the Detailed Tracking category settings for the user Administrator only:
Auditpol /get /user:Administrator /category:"Detailed Tracking"
Enable success auditing for the Detailed Tracking category for the user Administrator only:
Auditpol /set /user:Administrator /category:"Detailed Tracking" /success:enable
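
The following PowerShell is an added example, not part of the original article: it parses the CSV report produced by Auditpol /get /category:* /r (the /r report switch is not shown above), compares it with an expected baseline, and prints the /set /subcategory commands that would correct any drift. The baseline values, host name and sample rows are constructed assumptions.

```powershell
# Added example. Baseline values are assumptions for illustration only.
$Baseline = @{
    'User Account Management'   = 'Success and Failure'
    'Security Group Management' = 'Success'
    'Process Creation'          = 'Success'
}

function Get-AuditDrift {
    param(
        [Parameter(Mandatory)] [string[]]  $CsvLines,  # from: auditpol /get /category:* /r
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # The report contains blank lines; drop them before parsing the CSV.
    $rows = $CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Expected.Keys) {
        # "System" rows are the computer-wide policy (per-user rows are skipped).
        $row = $rows | Where-Object {
            $_.Subcategory -eq $name -and $_.'Policy Target' -eq 'System'
        } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        if ($actual -ne $Expected[$name]) {
            [pscustomobject]@{ Subcategory = $name; Expected = $Expected[$name]; Actual = $actual }
        }
    }
}

function ConvertTo-AuditpolSet {
    param([Parameter(Mandatory)] [string] $Subcategory,
          [Parameter(Mandatory)] [string] $Setting)
    # Map the report's wording to explicit /success and /failure switches.
    $s = if ($Setting -match 'Success') { 'enable' } else { 'disable' }
    $f = if ($Setting -match 'Failure') { 'enable' } else { 'disable' }
    'Auditpol /set /subcategory:"{0}" /success:{1} /failure:{2}' -f $Subcategory, $s, $f
}

# Constructed sample report (host name and GUID fields are placeholders).
$Sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    ''
    'HOST01,System,User Account Management,{placeholder},Success,'
    'HOST01,System,Security Group Management,{placeholder},Success,'
    'HOST01,System,Process Creation,{placeholder},No Auditing,'
)
# On a live host (elevated): $Sample = auditpol /get /category:* /r

Get-AuditDrift -CsvLines $Sample -Expected $Baseline | ForEach-Object {
    '{0}: expected "{1}", found "{2}"' -f $_.Subcategory, $_.Expected, $_.Actual
    ConvertTo-AuditpolSet -Subcategory $_.Subcategory -Setting $_.Expected
}
```

The script only prints the corrective commands; review them before running any of them from an elevated prompt. Subcategory names in the report are localized, so the baseline keys must match the display language of the host.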



Thanks,
Morgan
Software Developer
