Hello, We have requirement to modify Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job. I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on number of servers which are not in domain. There are around 15 folders on which I need to enable Auditing; manual editing folder advanced permissions is a cumbersome job. Hence, I am looking for a command line options. I need to know how command can be utilised to enable Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to know the command hence, please do not re-direct me to scripting forum) Manually through GUI, I am setting following.. snaps are given below Thanks !

You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer Thanks but I guess, auditpol ca be used only to manipulate system audit policies. how do I specify a folder and user in auditpol ? I could not find or understand how folder can be included with auditpol command line options.Thanks !

Hi, Thank you for the post. Please download and use subinacl.exe to modify folder/user audit settings like: subinacl /subdirectories=directoriesonly d:\test /sallowdeny=everyone=f subinacl /file d:\test1.txt /sallowdeny=everyone=F The audit action parameter includes sgrant, sdeny and sallowdeny. subinacl security descriptor editing features : - owner ( /setowner ) - primary group ( /setprimarygroup ) - permissions ( /grant , /deny , /revoke ) - audit ( /sgrant, /sdeny, /sallowdeny) http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/27a5c5ab-fd1e-4748-8d55-cbc5985495ee http://www.vanstechelman.eu/windows/how_to_use_subinacl If there are more inquiries on this issue, please feel free to let us know. Regards Rick Tan TechNet Community Support

Hi, Thank you for the post. Please download and use subinacl.exe to modify folder/user audit settings like: subinacl /subdirectories=directoriesonly d:\test /sallowdeny=everyone=f subinacl /file d:\test1.txt /sallowdeny=everyone=F The audit action parameter includes sgrant, sdeny and sallowdeny. subinacl security descriptor editing features : - owner ( /setowner ) - primary group ( /setprimarygroup ) - permissions ( /grant , /deny , /revoke ) - audit ( /sgrant, /sdeny, /sallowdeny) http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/27a5c5ab-fd1e-4748-8d55-cbc5985495ee http://www.vanstechelman.eu/windows/how_to_use_subinacl If there are more inquiries on this issue, please feel free to let us know. Regards Rick Tan TechNet Community Support Thanks Rick. I will give that a try and post my feedback in a day or two. Thanks again. Thanks !

Rick, subinacl.exe works perfectly fine :) Need one more small help I executed following on a test folder C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl /subdirectories d:\junk /sdeny=everyone=F Audit settings got applied however, " Apply these auditing entries to the objects and/or containers within this container only " has not been enabled. How do I get that using subinacl ? Thanks !

Hi, Oh, please use "d:\junk\" instead of "d:\junk". Read explanations below: /subdirectories file_path manipulate files in specified directory and all subdirectories - c:\temp\*.obj : work with all obj files - c:\temp\test : work with all test files below the c:\temp directory - c:\temp\test\*.* : work with all files below temp\test - c:\temp\test\ : work with all files below temp\test /subdirectories=directoriesonly will apply parameters on directories only /subdirectories=filesonly will apply parameters on files only RegardsRick Tan TechNet Community Support

Hi Rick, I used "D:\Junk\" however that didn't make any difference. I even tried " D:\Junk\*.*" this didn't work either.Thanks !

Hi, No command function could enable the "Apply these auditing entries to the objects and/or containers within this container only" check box. By default, the audit entry apply to "This folder, subfolder and files". So please just create new folder/file in junk folder and check the audit entry. https://skydrive.live.com/?cid=89aee176339ad2f9#cid=89AEE176339AD2F9&id=89AEE176339AD2F9%21201 Based on my test, the difference of two object_type listed below. Select what you want or run both of them. subinacl object_type audit entry applied audit entry not applied d:\junk d:\junk, new folder/file in junk folder existed folder/file in junk folder d:\junk\ existed and new folder/file in junk folder d:\junk RegardsRick Tan TechNet Community Support

Rick - Thanks for the help. appreciated :)Thanks !