
How to configure local audit policy with secedit.exe

2025-03-26 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03 Report

This article shows how to configure the local audit policy with secedit.exe. Most people are not very familiar with it, so the script is shared here for reference.

The code is not technically sophisticated; it simply converts the graphical operation into a command-line one.


Code (samtool.bat):


```bat
@echo off
rem SAMTool.bat - command-line wrapper around secedit for the local audit policy.
if {%1}=={} goto :help
if {%2}=={} goto :help

rem Remove work files left over from an earlier run.
if exist SAMTool.sdb erase SAMTool.sdb /q
if exist SAMTool.inf erase SAMTool.inf /q
if exist SAMTool.log erase SAMTool.log /q

rem -b: export the current configuration to the INF file named in %2.
if {%1}=={-b} secedit /export /cfg %2 /log SAMTool.log /quiet
rem -r: apply the configuration stored in the INF file named in %2.
if {%1}=={-r} secedit /configure /db SAMTool.sdb /cfg %2 /log SAMTool.log /quiet

rem -o: build a temporary INF with the selected audit categories and apply it.
if {%1}=={-o} (
    if {%4}=={} goto :help
    if not {%3}=={-p} goto :help
    rem /x accepts only a single digit from 0 to 3.
    echo.%4| findstr /x "[0-3]" >nul || goto :help
    rem pushd %windir%\system32\
    rem The redirection is written first so the digit in %4 is never read as a handle number.
    >>SAMTool.inf echo.[version]
    >>SAMTool.inf echo.signature="$CHICAGO$"
    >>SAMTool.inf echo.[Event Audit]
    echo.%2| findstr "D" >nul && >>SAMTool.inf echo.AuditDSAccess=%4
    echo.%2| findstr "E" >nul && >>SAMTool.inf echo.AuditLogonEvents=%4
    echo.%2| findstr "S" >nul && >>SAMTool.inf echo.AuditSystemEvents=%4
    echo.%2| findstr "O" >nul && >>SAMTool.inf echo.AuditObjectAccess=%4
    echo.%2| findstr "U" >nul && >>SAMTool.inf echo.AuditPrivilegeUse=%4
    echo.%2| findstr "C" >nul && >>SAMTool.inf echo.AuditPolicyChange=%4
    echo.%2| findstr "L" >nul && >>SAMTool.inf echo.AuditAccountLogon=%4
    echo.%2| findstr "M" >nul && >>SAMTool.inf echo.AuditAccountManage=%4
    echo.%2| findstr "P" >nul && >>SAMTool.inf echo.AuditProcessTracking=%4
    rem A: write every audit category.
    if {%2}=={A} (
        >>SAMTool.inf echo.AuditDSAccess=%4
        >>SAMTool.inf echo.AuditLogonEvents=%4
        >>SAMTool.inf echo.AuditSystemEvents=%4
        >>SAMTool.inf echo.AuditObjectAccess=%4
        >>SAMTool.inf echo.AuditPrivilegeUse=%4
        >>SAMTool.inf echo.AuditPolicyChange=%4
        >>SAMTool.inf echo.AuditAccountLogon=%4
        >>SAMTool.inf echo.AuditAccountManage=%4
        >>SAMTool.inf echo.AuditProcessTracking=%4
    )
    secedit /configure /db SAMTool.sdb /cfg SAMTool.inf /log SAMTool.log /quiet
)

rem -v: show the secedit log. It is argument 3 for -b and -r, argument 5 for -o.
if {%3}=={-v} type SAMTool.log
if {%5}=={-v} type SAMTool.log

rem Clean up the work files.
if exist SAMTool.sdb erase SAMTool.sdb /q
if exist SAMTool.inf erase SAMTool.inf /q
if exist SAMTool.log erase SAMTool.log /q
exit /b

:help
cls
echo.System audit strategy manage tool. (C) Copyright 2013 enun-net.
echo.
echo.Usage: SAMTool -b^|r [drive:][path][filename] -o options -p parameters -v
echo.
echo.  -b  Backup the current configuration, Specifies an INF file.
echo.  -r  From an INF file recovery configuration.
echo.  -o  options ^(Support multiple^):
echo.        D: Directory Service Access
echo.        E: Logon Events
echo.        S: System Events
echo.        O: Object Access
echo.        U: Privilege Use
echo.        C: Policy Change
echo.        L: Account Logon
echo.        M: Account Manage
echo.        P: Process Tracking
echo.        A: All audit
echo.  -p  parameters:
echo.        0: Don't audit
echo.        1: Only audit successful
echo.        2: Only audit failure
echo.        3: All audit ^(successful and failure^)
echo.  -v  Detailed results.
echo.
echo.Example: SAMTool -o EC -p 0 -v
echo.         SAMTool -b c:\myconfig.inf -v
exit /b
```

For example, SAMTool -o EC -p 1 -v configures the audit policy to audit policy changes (success) and logon events (success), and displays more detailed output.
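To confirm what a run such as SAMTool -o EC -p 1 left in place, the [Event Audit] section of an INF file (the one the script generates, or one saved with SAMTool -b) can be checked against a required baseline. The PowerShell below is an added example, not part of the original article or its script; the function names and the baseline values are assumptions, and the sample lines are constructed.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Audit values as in SAMTool's help: 0 none, 1 success, 2 failure, 3 both.
function Get-EventAuditSetting {
    param([string[]]$InfLines)
    $section = ''
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        # Track which INF section the current line belongs to.
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'Event Audit' -and $text -match '^(Audit\w+)\s*=\s*([0-3])$') {
            [pscustomobject]@{ Category = $Matches[1]; Value = [int]$Matches[2] }
        }
    }
}

function Compare-EventAuditBaseline {
    param([string[]]$InfLines, [hashtable]$Baseline)
    $actual = @{}
    foreach ($s in Get-EventAuditSetting -InfLines $InfLines) { $actual[$s.Category] = $s.Value }
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $required = [int]$Baseline[$name]
        # Assumption: a category missing from the file is treated as 0 for the comparison.
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { 0 }
        [pscustomobject]@{
            Category  = $name
            Required  = $required
            Actual    = $have
            # Compliant when every required bit (1 = success, 2 = failure) is set.
            Compliant = (($have -band $required) -eq $required)
        }
    }
}

# Constructed sample: the lines SAMTool -o EC -p 1 writes, plus one unrelated section.
$sample = @(
    '[version]', 'signature="$CHICAGO$"',
    '[Event Audit]', 'AuditLogonEvents=1', 'AuditPolicyChange=1',
    '[System Access]', 'MinimumPasswordAge=0'
)
# Hypothetical baseline: logon categories need success and failure, policy change needs success.
$baseline = @{ AuditLogonEvents = 3; AuditPolicyChange = 1; AuditAccountLogon = 3 }
Compare-EventAuditBaseline -InfLines $sample -Baseline $baseline | Format-Table -AutoSize
```

On a live system, pass the lines of a file saved with SAMTool -b (for example via Get-Content) instead of $sample.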
