I needed to turn on NTFS file system auditing for two specific application EXE files on 30+ servers. I didn’t want to have to touch each server individually, so I decided to look into applying the audit settings centrally using group policy. Using the Security Templates snap-in for MMC on one of the systems I wanted to set up auditing for, I was able to configure a custom file system security policy.
Security Templates Snap-in:
Within the Security Templates MMC:
- Define a new, empty security template
- Expand the new Template
- Right click on the File System section
- Select "Add File..."
- Browse to the file you want to add a group policy enforced ACL to
- Configure your desired access controls/audit settings
- Set appropriate inheritance options
- Once the policy settings you want are complete, right click the security template name
- Select "Save As..."
- Save the INF file somewhere
- Delete the security template
In my case, I only wanted to apply the audit policy portion of the ACL (not the file system permissions), so I opened the INF file and removed the permission settings that started with “D:PAR” and just left the “S:AR” settings.
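The same edit can be scripted when a template holds more than a couple of entries. The following is an added example, not code from the original post: it keeps only the `S:` (SACL) component of every `[File Security]` entry and refuses to emit an entry that has no SACL. The sample path and ACEs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample template; the path and ACEs are placeholders, not from the post.
SAMPLE_INF = r'''[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[File Security]
"C:\Example\app.exe",0,"D:PAR(A;;FA;;;BA)(A;;0x1200a9;;;BU)S:AR(AU;SAFA;0x1301bf;;;WD)"
'''

# "path",mode,"SDDL" as written in the [File Security] section.
ENTRY = re.compile(r'^("[^"]*"\s*,\s*\d+\s*,\s*")([^"]*)(")\s*$')


def sacl_only(sddl):
    """Return only the S: component of an SDDL string, or raise if it has none."""
    depth = 0
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        # A component tag only counts outside any (ACE) parentheses.
        elif depth == 0 and sddl.startswith("S:", i):
            return sddl[i:]
    # Fail closed: never fall back to emitting the DACL unchanged.
    raise ValueError("no SACL in %r" % sddl)


def strip_dacl(inf_text):
    """Rewrite [File Security] entries so each keeps only its SACL."""
    out, in_section = [], False
    for line in inf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped.lower() == "[file security]"
        elif in_section:
            m = ENTRY.match(stripped)
            if m:
                line = m.group(1) + sacl_only(m.group(2)) + m.group(3)
        out.append(line)
    return "\n".join(out) + "\n"
```

Templates saved by the snap-in are typically UTF-16 encoded, so read and write the file with that encoding before and after calling `strip_dacl`.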
Then, using the Group Policy Management console, I was able to create a new group policy object and import my file system auditing settings from the INF. I then applied the group policy to the proper OUs and waited for the new settings to get applied. Everything worked like a charm. The completed policy looks like this (in the Group Policy Management HTM view):