Sign in to follow this  
Followers 0
avery

Set Auditing on Files and Folders

2 posts in this topic

Hello,

I have been banging my head on the wall with my latest au3 creation. I have been tasked to setup classified government computer systems with NISPOM system requirements. Simply put, enable some auditing.

I am stuck on the part here I add auditing to files and folders. I have been trying to figure out this setACL.exe tool for days but it's so damn cryptic and I am still not even sure if it can do what I want.

Task: Clear all Auditing for %SystemRoot% so I can apply the inf security template using secedit.exe or figure out how to enable auditing on certain files like recording failures to delete a file.

Reference: setACL.exe Docs

Things I've tried:

setACL.exe -on C:\WINDOWS -ot file -actn rstchldrn -rst dacl -op "dacl:np" -rec cont_obj

setACL.exe -on C:\WINDOWS -ot file -actn clear -clr dacl -rst sacl

setACL.exe -on C:\WINDOWS -ot file -actn rstchldrn -rst dacl -op "dacl:np"

setACL.exe -on "c:\WINDOWS" -ot file -actn ace -ace "n:S-1-1-0;m:revoke;s:y" -ace "n:S-1-5-32-545;m:revoke;s:y" -ace "n:S-1-5-32-547;m:revoke;s:y" -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-18;p:full;s:y"

My job is paying me good money to make a tool that does this for 300+ files in random locations for over 6,000 systems. It will save us tons of time. I am so frustrated with my lack of ability to figure this out I will honestly pay someone a nice tax free tip for tutoring me on setacl.exe or a way to make AutoIt3 set the auditing for files.

Please reply or pm me.


www.abox.orgAvery HowellVisit My AutoIt Websitehttp://www.abox.org

Share this post


Link to post
Share on other sites



*shameless bump*

I am still researching how to make these ace strings to better understand how to use setacl or au3 wmi calls to set auditing on files/folders.

Does anyone here have experience with it? I see that other languages like visual basic and .net can do this but not sure how to make my AutoIt3 project do it or with an external tool like setACL.exe

Please and thank you very much for any help you can offer.


www.abox.orgAvery HowellVisit My AutoIt Websitehttp://www.abox.org

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0