Posted May 29, 2009

I tried searching Google and Microsoft KB. Is there a way to use Group Policy (either local security templates or AD GPO) to enable XP auditing on files, folders and *specific* registry sub-keys.... WITHOUT changing the permissions?

1. I tried using the Security Templates MMC, but I believe that method makes you set permissions when you set auditing. I believe this because of prior experiences, and because when I tried deleting all of the current permissions, it gave me a big pop-up warning box that everyone would be denied access. Ideally there should be an option to "edit" the current auditing settings rather than replacing them, but that does not seem to be an option.

2. Also, in the Security Templates MMC, I could not drill down any further than just the first level of registry subkeys. E.g. it would let me audit all of HKLM\SOFTWARE, but will not let me audit the \Windows\Current Version\Run\ subkey or the \System\CurrentControlSet\Services\ for example.

I tried editing the .INF text file manually, but I couldn't figure out how to do the first item, and wasn't sure editing either .INF file manually in that way would actually work.

This is probably possible via a batch file or VBS script, but if you support a large enterprise, or want the change to be applied to future new systems as well, that isn't very optimal.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE