
Configuring the local audit policy with secedit.exe

Programmer Article Station, 2022-06-23 18:53:11
There is nothing clever in the code; it simply turns the GUI steps (Local Security Policy, Audit Policy) into a command line by feeding secedit.exe an .inf file.

Screenshot: [image: samtool.bat in use]

Code (samtool.bat):

@echo off
rem samtool.bat - wraps secedit.exe to back up, restore or set the local audit policy.
rem secedit needs an elevated (administrator) command prompt.
if {%1} == {} goto :help
if {%2} == {} goto :help

rem Remove leftovers from a previous run.
if exist samtool.sdb erase samtool.sdb /q
if exist samtool.inf erase samtool.inf /q
if exist samtool.log erase samtool.log /q

rem -b: export the current security configuration to the given .inf file.
if {%1} == {-b} secedit /export /cfg %2 /log samtool.log /quiet

rem -r: apply a previously exported .inf (secedit needs a working database file).
if {%1} == {-r} secedit /configure /db samtool.sdb /cfg %2 /log samtool.log /quiet

rem -o: write a minimal .inf containing only an [event audit] section and apply it.
if {%1} == {-o} (
 if {%4} == {}       goto :help
 if not {%3} == {-p} goto :help

 rem The level must be exactly one character 0-3; /x rejects values such as 13 or 1a.
 echo.%4| findstr /r /x "[0-3]" >nul || goto :help

 rem Keep a space before the redirection: with %4=1 the text "=1" directly in
 rem front of it would be parsed as a file-handle redirect and the digit lost.
 echo.[version] >>samtool.inf
 echo.signature="$chicago$" >>samtool.inf
 echo.[event audit] >>samtool.inf

 rem Each option letter in %2 switches one audit category to level %4.
 echo.%2 | findstr "d" >nul && echo.auditdsaccess=%4 >>samtool.inf
 echo.%2 | findstr "e" >nul && echo.auditlogonevents=%4 >>samtool.inf
 echo.%2 | findstr "s" >nul && echo.auditsystemevents=%4 >>samtool.inf
 echo.%2 | findstr "o" >nul && echo.auditobjectaccess=%4 >>samtool.inf
 echo.%2 | findstr "u" >nul && echo.auditprivilegeuse=%4 >>samtool.inf
 echo.%2 | findstr "c" >nul && echo.auditpolicychange=%4 >>samtool.inf
 echo.%2 | findstr "l" >nul && echo.auditaccountlogon=%4 >>samtool.inf
 echo.%2 | findstr "m" >nul && echo.auditaccountmanage=%4 >>samtool.inf
 echo.%2 | findstr "p" >nul && echo.auditprocesstracking=%4 >>samtool.inf

 rem Option a: every category at once.
 if {%2} == {a} (
  echo.auditdsaccess=%4 >>samtool.inf
  echo.auditlogonevents=%4 >>samtool.inf
  echo.auditsystemevents=%4 >>samtool.inf
  echo.auditobjectaccess=%4 >>samtool.inf
  echo.auditprivilegeuse=%4 >>samtool.inf
  echo.auditpolicychange=%4 >>samtool.inf
  echo.auditaccountlogon=%4 >>samtool.inf
  echo.auditaccountmanage=%4 >>samtool.inf
  echo.auditprocesstracking=%4 >>samtool.inf
 )
 secedit /configure /db samtool.sdb /cfg samtool.inf /log samtool.log /quiet
)

rem -v is the 3rd argument for -b/-r and the 5th for -o: show the secedit log.
if {%3} == {-v} type samtool.log
if {%5} == {-v} type samtool.log

rem Clean up the temporary database, inf and log.
if exist samtool.sdb erase samtool.sdb /q
if exist samtool.inf erase samtool.inf /q
if exist samtool.log erase samtool.log /q

exit /b

:help
cls
echo.system audit policy management tool. (c) copyright 2013 enun-net.
echo.
echo.usage: samtool -b^|r [drive:][path][filename] -o options -p parameters -v
echo.
echo.         -b back up the current configuration to the given inf file.
echo.         -r restore the configuration from an inf file.
echo.         -o options ^(several letters may be combined^):
echo.     d: directory service access
echo.     e: logon events
echo.     s: system events
echo.     o: object access
echo.     u: privilege use
echo.     c: policy change
echo.     l: account logon
echo.     m: account management
echo.     p: process tracking
echo.     a: all categories
echo.         -p parameters:
echo.     0: no auditing
echo.     1: audit success only
echo.     2: audit failure only
echo.     3: audit success and failure
echo.         -v show the secedit log ^(detailed results^).
echo.
echo.example: samtool -o ec -p 1 -v
echo.         samtool -b c:\myconfig.inf -v
exit /b



For example, samtool -o ec -p 1 -v sets the audit policy to: audit policy change (success) and audit logon events (success), and prints the more detailed secedit output.
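The same mapping in Python, as an added example that is not part of the original post: samtool_inf() builds the [event audit] body that the batch file writes for -o/-p, and parse_event_audit() with audit_gaps() reads a secedit /export file back and lists the categories that do not audit failures (or whatever bits you require). The SAMPLE export is constructed; real exports are UTF-16 LE, so open them with encoding='utf-16'.

```python
import re

# samtool option letter -> key in the [Event Audit] section (names as secedit
# exports them; samtool.bat writes them lower-case).
OPTIONS = {
    "d": "AuditDSAccess",     "e": "AuditLogonEvents",   "s": "AuditSystemEvents",
    "o": "AuditObjectAccess", "u": "AuditPrivilegeUse",  "c": "AuditPolicyChange",
    "l": "AuditAccountLogon", "m": "AuditAccountManage", "p": "AuditProcessTracking",
}
# The 0-3 level is a bitmask: bit 0 = audit success, bit 1 = audit failure.
SUCCESS, FAILURE = 1, 2

def samtool_inf(options, level):
    """Build the .inf text samtool.bat writes for `-o <options> -p <level>`;
    'a' selects every category, other letters are applied in OPTIONS order."""
    if level not in (0, 1, 2, 3):          # mirrors the findstr "[0-3]" check
        raise ValueError("level must be 0-3")
    letters = OPTIONS if options == "a" else [c for c in OPTIONS if c in options]
    head = ["[version]", 'signature="$chicago$"', "[event audit]"]
    return "\n".join(head + [f"{OPTIONS[c]}={level}" for c in letters]) + "\n"

def parse_event_audit(text):
    """Return {key: level} from the [Event Audit] section of an .inf as written
    by `secedit /export` (real files are UTF-16 LE: open with encoding='utf-16')."""
    settings, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[event audit]"   # section names are case-insensitive
            continue
        m = re.match(r"^(\w+)\s*=\s*([0-3])$", line)
        if in_section and m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit_gaps(settings, required=FAILURE):
    """Categories whose level lacks the required bit(s). A key absent from the
    export is treated as 0 (assumption: no entry means nothing is audited)."""
    return sorted(k for k in OPTIONS.values() if (settings.get(k, 0) & required) != required)

# Constructed sample in the shape of a secedit export; not from a real machine.
SAMPLE = """[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPolicyChange = 1
AuditAccountLogon = 2
"""
```

Running audit_gaps(parse_event_audit(SAMPLE)) flags the four categories missing from the sample plus the three set to 0 or 1 as not auditing failures.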

Source: https://www.enun.net/?p=2339