Auditing The Entire C: Drive on Domain Workstations Using GPO ?




Security at my site is VERY strict. I have a new requirement to be able to
audit (Full Control) success and failure on the root of each workstations
hard drive. I am trying to do this via GPO. I am using this configuration:

Computer Configurations | Windows Settings | Security Settings | File System.

I put the variable %systemroot% in for the local hard drive. This part works
ok. Once i have the %systemroot% variable i can then set NTFS and AUDITING
permissions on that folder.

This is my problem. I do not want to replace the ACL on NTFS permissions on
workstations across my domain. We have several workstations that are
specially configured with NTFS permissions on the local hard drive to meet
other security needs. I do however, want to replace the auditing permission
to audit EVERYONE for FULL CONTROL on SUCCESS and FAILURE of anything.

So, How do I replace the auditing permissions using this methoad but not
replace the NTFS permissions on the %systemdrive% at the same time?
Jun 30, 2011
Reaction score
Hi. I have the same situation. Rather than create another thread, the post above describes my situation perfectly (it is very old, but the situation is the same). How can I audit the enite C drive while keeping the NTFS permissions. Right now I can get the "everyone-fail" audit policy to be applied, but then the NTFS permissions are wiped out. Thanks for your help.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question