Configuring NTFS Audit Policies via Group Policy

I needed to turn on NTFS file system auditing for two specific application EXE files on 30+ servers.  I didn’t want to have to touch each server individually, so I decided to look into applying the audit settings centrally using group policy.  Using the Security Templates snap-in for MMC on one of the systems I wanted to set up auditing for, I was able to configure a custom file system security policy.

 Security Templates Snap-in:

Within the Security Templates MMC: [more]

  1. Define a new, empty security template
  2. Expand the new Template
  3. Right click on the File System section
  4. Select "Ad File..."
  5. Browse to the file you want to ad a group policy enforced ACL to
  6. Configure your desired access controls/audit settings
  7. Set appropriate inheritance options
  8. Once the policy settings you want are complete, right click the security template name
  9. Select "Save As..."
  10. Save the INF file somewhere
  11. Delete the security template

In my case, I only wanted to apply the audit policy portion of the ACL (not the file system permissions), so I opened the INF file and removed the permission settings that started with “D:PAR” and just left the “S:AR” settings.

Then, using the Group Policy Management console, I was able to create a new group policy object and import my file system auditing settings from the INF.  I then applied the group policy to the proper OUs and waited for the new settings to get applied.  Everything worked like a charm.  The completed policy looks like this (in the Group Policy Management HTM view):

Networking Windows 2003 Server NTFS group policy