|
Posted by Roger Abell [MVP] on June 6, 2007, 1:05 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
> I looked threw all of the info on the link but none of it covers the
> adding
> of audit functions to a folder or drive. Does anyone have any other ideas?
>
Actually, what Slav provided in link is relevant. One just needs to
access the SACL instead of the DACL in the SD. That is, where that
sample uses "DACL = wmiSecurityDescriptor.DACL" one would
instead use "SACL = wmiSecurityDescriptor.SACL"
Since what you get is of Win32_ACE Wmi class, the rest of the
code is no different in what properties and methods may be used
or how.
If you go to microsoft.com/downloads and get the xcacls.vbs script
you will have a code that can modify any aspect of a DACL. It is a
trivial modification per the above info to manipulate the SACL instead
of the DACL and the xcacls.vbs provides examples of doing so.
You may need to do some reading branching off from
http://msdn2.microsoft.com/en-us/library/aa384905.aspx
which is a link on the page to which Slav pointed you.
Roger
>
> "S. Pidgorny <MVP>" wrote:
>
>> SACL manipulation can be done using WMI.
>> some sample code.
>>
>> --
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> >I have a project for Windows XP and 2003 where I need to enable auditing
>> >to
>> > record failed access on the C:\ or some if its folders. I wan to do it
>> > with
>> > VBSCRIPT. Does anyone have a script to do that?
>> >
>> > Normally, you would set this by selecting properties of a folder, and
>> > clicking on the security tab. Next click on Advanced and then the
>> > Auditing
>> > tab. Click Add and then type in "everyone" and click OK. Finally,
>> > select
>> > the
>> > Failed Full Control check box and click OK, OK, and OK.
>> >
>> > Thanks. Jef
>> >
>>
>>
>>
| 
XML site map