Announcement

Collapse
No announcement yet.

Configuring Local Security Audit Policy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring Local Security Audit Policy

    I need to do it on about 500 machines that are not running in AD. I have checked the registry and only see some settings, but not what I need to set up auditing for 'Success,Failure under Audit account logon events.'

    Any suggestions?

  • #2
    Re: Configuring Local Security Audit Policy

    Personally (haven't tried it but now I will), I would run regmon to see just what changes when you modify 1 tiny setting in the Local Security Policy/Audit Policy.

    That should clue you in.

    Joel

    Comment


    • #3
      Re: Configuring Local Security Audit Policy

      No dice.

      The keys that are being changed when you modify the audit policy are in the HKLM/Security hive, and only the System itself has rights to edit that. Even attempting to change the permissions on the key and it's subs doesn't do the trick.

      Third party tool anyone??

      Comment


      • #4
        Re: Configuring Local Security Audit Policy

        You're SOL. The keys that dictate that part of the L.S.P. are in the HKLM/SECURITY hive, and only the system account has rights.

        Sorry! I wish someone can prove me wrong.

        Joel

        Comment

        Working...
        X