Checking Audit Information

TheMSsForum.com: The Microsoft Software Forum

Is there a way to set / check the audit policy settings
(e.g. Audit Logon events, Audit Privilege use, etc) of a
Windows 2000 Server using vbscript?
Top

Re: Checking Audit Information by petal

petal
Tue Jul 08 18:19:23 CDT 2003

audit info is held in the system acl (sacl) so you'd need to look at
ADsSecurityUtility.dll or Win32_SecurityDescriptor

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/security_interfaces.asp?frame=true

here is part of a script that I'm trying to use to do a simlar thing - think
I got most of it from MSDN and posts by Max Vaughn

regards
petal

'
' Define ADS_PATHTYPE_ENUM constants:
'
Const ADS_PATH_FILE = &h1
Const ADS_PATH_FILESHARE = &h2
Const ADS_PATH_REGISTRY = &h3
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Define ADS_SD_FORMAT_ENUM constants:
'
Const ADS_SD_FORMAT_IID = &h1
Const ADS_SD_FORMAT_RAW = &h2
Const ADS_SD_FORMAT_HEXSTRING = &h3
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'
' Define ADS_SECURITY_INFO_ENUM constants:
'
Const ADS_SECURITY_INFO_OWNER = &h1
Const ADS_SECURITY_INFO_GROUP = &h2
Const ADS_SECURITY_INFO_DACL = &h4
Const ADS_SECURITY_INFO_SACL = &h8



Set sdUtil = CreateObject("ADsSecurityUtility")

canReadOwner = ADS_SECURITY_INFO_OWNER

canReadGroup = ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP

canReadDacl = ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP _
Or ADS_SECURITY_INFO_DACL

canReadSacl = ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP _
Or ADS_SECURITY_INFO_DACL _
Or ADS_SECURITY_INFO_SACL

' security mask defines what security data can be read (OWNER, GROUP, DACL,
SACL)
' default is &h7
msgbox "SecurityMask: " & sdUtil.SecurityMask, 64, "SecurityMask"

sdUtil.SecurityMask = canReadSacl
'NB by default SACL is not set so attempts to access it create errors

'Set sd = sdUtil.GetSecurityDescriptor("<share>", ADS_PATH_FILESHARE,
ADS_SD_FORMAT_IID )
Set sd = sdUtil.GetSecurityDescriptor("<file or folder>", ADS_PATH_FILE,
ADS_SD_FORMAT_IID )

msgbox "Control: " & sd.Control & vbCrlf & _
"Group: " & sd.Group & vbCrlf & _
"Owner: " & sd.Owner & vbCrlf & _
"Revision: " & sd.Revision, _
64, "SecurityDescriptor"

Set sacl = sd.SystemAcl
'NB by default SACL is not set so attempts to access it create errors

msgbox "AceCount: " & sacl.acecount & vbCrlf & _
"AclRevision: " & sacl.AclRevision

For Each ACE In sacl
msgbox "AccessMask: " & ACE.AccessMask & vbCrlf & _
"AceFlags: " & ACE.AceFlags & vbCrlf & _
"AceType: " & ACE.AceType & vbCrlf & _
"Flags: " & ACE.Flags & vbCrlf & _
"InheritedObjectType: " & ACE.InheritedObjectType & vbCrlf & _
"ObjectType: " & ACE.ObjectType & vbCrlf & _
"Trustee: " & ACE.Trustee & vbCrlf
Next

"Brian" <nospam@myemail.net> wrote in message
news:788e01c344a4$24c23ae0$a401280a@phx.gbl...
> Is there a way to set / check the audit policy settings
> (e.g. Audit Logon events, Audit Privilege use, etc) of a
> Windows 2000 Server using vbscript?
>


Top