Follow-up to: Windows 2000 Professional local auditing policies and Sysprep

[Tom Kemp]

Ok, yes, it's true..the best way to set auditing policies to all of the
workstations in this Windows 2003 domain with Windows 2000 Clients that
we're reproducing was to use Windows Server 2003's Group Policy Editor.

However, there's still one major step that I'm having issue with. Once the
policy is set, We still need to configure auditing on each workstation to
record all successes and failures of access in the security logs...special
circumstance requirement. At this point that means going into the
properties of each drive letter and setting auditing for the user 'everyone'
and selecting each and every success and failure....then applying the new
setting to include all folders and files from the root on out.

This can take a good bit of time on each drive! Not to mention that you
would have to keep your eye on them, as certain files can't be changed, such
as swap files, etc...so you have to tell it to skip/continue.

Is there a better way? If set on the master, would this setting survive a
sysprep, or would sysprep reset this?

Thank you in advance, once again!


__________________________________________________________________ Tom Kemp
MCSE/CNA/A+ ICQ#: 157741210 Current ICQ status: + More ways to contact me
__________________________________________________________________

 

[Derek Melber [MVP]]

Sure!

Use the File Permissions in the GPO where you are setting up the auditing.
It is directly below the Local Policies node. You can set up auditing on any
folder that exists on the computer. Just make sure the folder does exist, or
you will get strange results for GPO application.