Auditing is the process of monitoring the successes and failures of users or other objects on the current system. For example, you could monitor every time a user fails to log on to the system properly. The AuditPol utility supports the following modes of operation.
Get: Displays the current audit policy.
Set: Modifies the audit policy.
List: Displays a list of selectable audit policies.
Backup: Saves the current audit policy to a file.
Restore: Restores a saved audit policy from a file.
Clear: Restores the audit policy to a known state (no audit policy at all).
Remove: Removes the per-user audit policy for the specified user.
The following sections describe each of these modes in detail.
492 CHAPTER 20
MANAGING SYSTEM USERS
Get
The Get mode displays the audit policy for the current or specified user. This mode uses the
following syntax:
AuditPol /Get [/user:|<{sid}>]
[/category:*||<{guid}>[,:|<{guid}>...]]
[/subcategory:|<{guid}>[,:|<{guid}>...]]
[/option:{CrashOnAuditFail | FullPrivilegeAuditing | AuditBaseObjects |
AuditBaseDirectories}] [/sd] [/r]
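An added example, not from the book: the /r switch in the syntax above makes AuditPol emit its report as CSV, which PowerShell can compare against a baseline, here the failed-logon case mentioned earlier. The baseline entries, the function names Test-AuditSetting and Get-AuditGap, and the sample rows (including the placeholder GUIDs) are assumptions constructed for illustration.

```powershell
# Baseline: subcategory name -> outcome that must be audited (assumed values).
$Baseline = @{
    'Logon'               = 'Failure'   # the failed-logon case from the text
    'Audit Policy Change' = 'Success'
}

function Test-AuditSetting {
    param([string]$Actual, [string]$Required)
    # 'Success and Failure' satisfies either requirement; 'No Auditing' satisfies none.
    return ($Actual -split ' and ') -contains $Required
}

function Get-AuditGap {
    param([string[]]$ReportLines, [hashtable]$Baseline)
    # Drop blank lines, then let the first remaining line act as the CSV header.
    $rows = $ReportLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Baseline.Keys) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'missing from report' }
        if (-not (Test-AuditSetting $actual $Baseline[$name])) {
            [pscustomobject]@{
                Subcategory = $name
                Required    = $Baseline[$name]
                Actual      = $actual
            }
        }
    }
}

# Constructed sample in the CSV layout that /r produces (not captured from a real host).
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{00000000-0000-0000-0000-000000000001},Success,
HOST01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000002},Success and Failure,
'@ -split "`r?`n"

# Reports Logon as a gap: only Success is audited, so failed logons go unrecorded.
Get-AuditGap -ReportLines $sample -Baseline $Baseline | Format-Table -AutoSize

# Live use from an elevated prompt:
# Get-AuditGap -ReportLines (auditpol /get /category:* /r) -Baseline $Baseline
```

Subcategory names in the report are localized, so on non-English systems match on the Subcategory GUID column instead of the name.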
The following list describes each of the command line arguments.