locked
Audit Logon Events(Local Policy) - Enabling Success and Failure Audit events for all users in Windows 7 RRS feed

  • Question

  • Hi,

    I want to enable success and failed logon events in windows 7 for all users. Currently I am using script below to call group policy .inf files to achieve this. But this script enables audit events only for administrator but not for all other users.  Is something wrong with my script or .inf file below ?

                               

    Set WSHShell = CreateObject("WScript.Shell")

        'Enable Legacy Audit Settings by disabling Advanced settings in registry
    WSHShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy", 0, "REG_DWORD"

        'Force Group Policy Update
    WSHShell.Run "gpupdate /force /wait:0", 0,True

        'Set User Account Security Template
    WSHShell.Run "secedit.exe /configure /cfg C:\user\Audit_Policy_Install.inf /db %windir%\security\database\userAcntCreation.sdb /log %temp%\user_acnt_security_log_install.txt",0 ,True

        'Disable Legacy Audit Settings by Enabling Advanced settings in registry
    WSHShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy", 1, "REG_DWORD"

        'Force Group Policy Update
    WSHShell.Run "gpupdate /force /wait:0", 0,True

    -------------------------------------inf file content below--------------------------------

    [Unicode]
    Unicode=yes
    [Event Audit]
    AuditLogonEvents = 3
    [Registry Values]
    [Version]
    signature="$CHICAGO$"
    Revision=1
    [Profile Description]
    Description=Audit User Accounts Logon Events 


    • Edited by SagarMC Friday, July 20, 2012 6:01 AM
    Friday, July 20, 2012 5:57 AM

Answers

  • Just use the Group Policy settings.  You do not need to change the installation settings.

    Open up MMC and set teh policy usign the GP snapin or use the domain policy GPMC to set the policy for all users.

    You are using the old NT4 method which is NOT group Policy.  It will not do what you want.


    ¯\_(ツ)_/¯


    Friday, July 20, 2012 6:05 AM

All replies

  • Just use the Group Policy settings.  You do not need to change the installation settings.

    Open up MMC and set teh policy usign the GP snapin or use the domain policy GPMC to set the policy for all users.

    You are using the old NT4 method which is NOT group Policy.  It will not do what you want.


    ¯\_(ツ)_/¯


    Friday, July 20, 2012 6:05 AM
  • Can we achieve this using a script ? If yes, do u have any example.

    I cant modify for all systems manually. I need to push this for all user machines.

    Friday, July 20, 2012 6:30 AM
  • No - just use Group Policy on the Domain Controller. It will applly to all machines if it is set at the root.


    ¯\_(ツ)_/¯

    Friday, July 20, 2012 7:17 AM