Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 7. Group Policy and Active Direc... > Use of Auditpol.exe to Configure Aud...

Use of Auditpol.exe to Configure Auditing

The Auditpol.exe tool performs audit policy configuration actions from the command line. This is the only tool you can use to configure auditing on a Server Core computer or to configure directory service auditing subcategories.

To use this tool, type the following at a command line:

Auditpol command [<sub-command><options>]

Table 7.1 describes the available commands, and Table 7.2 describes several of the more important subcommands and options that you should be aware of.

Table 7.1. Auditpol Commands
CommandMeaning
/getDisplays the current auditing policy
/setSets the audit policy
/listDisplays audit policy categories and subcategories, or lists users for whom a per-user audit policy is defined
/backupSaves the audit policy to a specified file
/restoreRetrieves the audit policy from a specified file
/clearClears the audit policy
/removeRemoves per-user audit policy settings and disables system audit policy settings


Table 7.2. Auditpol Subcommands and Options
OptionMeaning
/user:<username>Specifies the security principal for a per-user audit. Specify the username by security identifier (SID) or by name. Requires either the /category or /subcategory subcommand when used with the /set command.
/category:<name>One or more auditing categories separated by | and specified by name or Globally Unique Identifier (GUID).
/subcategory:<name>One or more auditing subcategories separated by | and specified by name or GUID.
/success:enableEnables success auditing when using the /set command.
/success:disableDisables success auditing when using the /set command.
/failure:enableEnables failure auditing when using the /set command.
/failure:disableDisables failure auditing when using the /set command.
/fileSpecifies the file to which an audit policy is to be backed up, or from which an audit policy is to be restored.


For example, to configure auditing for directory service changes, you type the following:

Auditpol /set /subcategory:"directory service changes" /success:enable

Additional subcommands and options are available with most of the auditpol commands discussed here. For information on the available subcommands and options available for a specified command, type auditpol /command /?.

  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint