avery Posted May 7, 2009 Share Posted May 7, 2009 Hello,I have been banging my head on the wall with my latest au3 creation. I have been tasked to setup classified government computer systems with NISPOM system requirements. Simply put, enable some auditing.I am stuck on the part here I add auditing to files and folders. I have been trying to figure out this setACL.exe tool for days but it's so damn cryptic and I am still not even sure if it can do what I want.Task: Clear all Auditing for %SystemRoot% so I can apply the inf security template using secedit.exe or figure out how to enable auditing on certain files like recording failures to delete a file.Reference: setACL.exe DocsThings I've tried:setACL.exe -on C:\WINDOWS -ot file -actn rstchldrn -rst dacl -op "dacl:np" -rec cont_obj setACL.exe -on C:\WINDOWS -ot file -actn clear -clr dacl -rst sacl setACL.exe -on C:\WINDOWS -ot file -actn rstchldrn -rst dacl -op "dacl:np" setACL.exe -on "c:\WINDOWS" -ot file -actn ace -ace "n:S-1-1-0;m:revoke;s:y" -ace "n:S-1-5-32-545;m:revoke;s:y" -ace "n:S-1-5-32-547;m:revoke;s:y" -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-18;p:full;s:y"My job is paying me good money to make a tool that does this for 300+ files in random locations for over 6,000 systems. It will save us tons of time. I am so frustrated with my lack of ability to figure this out I will honestly pay someone a nice tax free tip for tutoring me on setacl.exe or a way to make AutoIt3 set the auditing for files.Please reply or pm me. www.abox.orgAvery HowellVisit My AutoIt Websitehttp://www.abox.org Link to comment Share on other sites More sharing options...
avery Posted May 8, 2009 Author Share Posted May 8, 2009 *shameless bump* I am still researching how to make these ace strings to better understand how to use setacl or au3 wmi calls to set auditing on files/folders. Does anyone here have experience with it? I see that other languages like visual basic and .net can do this but not sure how to make my AutoIt3 project do it or with an external tool like setACL.exe Please and thank you very much for any help you can offer. www.abox.orgAvery HowellVisit My AutoIt Websitehttp://www.abox.org Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now