salawank

Local audit policy batch script-1.3

Jun 16th, 2011
223
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. @ECHO OFF
  2. :: poorman Local Security Policy (Audit Policy) batch script v1.3
  3. :: will enable success/failure for all audits except DS access
  4. :: require auditpol.exe if not exist
  5. :: win ver part shamelessly from Denis St-Pierre
  6. :: tdr.local[at]gmail.com
  7.  
  8.  
  9. VER | FINDSTR /L "5.0." > NUL:
  10. IF %ErrorLevel% EQU 0 (
  11. ECHO System is running Win 2000
  12. C:\Windows\System32\auditpol.exe /enable /system:all /logon:all /object:all /privilege:all /process:all /policy:all /sam:all
  13.  
  14. )
  15.  
  16. VER | FINDSTR /L "5.1." > NUL:
  17. IF %ErrorLevel% EQU 0 (
  18. ECHO System is running Win XP
  19. GOTO Win_XP_2003
  20.  
  21. )
  22.  
  23. VER | FINDSTR /L "5.2." > NUL:
  24. IF %ErrorLevel% EQU 0 (
  25. ECHO System is running Win 2003
  26. GOTO Win_XP_2003
  27.  
  28. )
  29.  
  30. VER | FINDSTR /L "6.0." > NUL:
  31. IF %ErrorLevel% EQU 0 (
  32. If EXIST %SystemRoot%\System32\ServerManagerLauncher.exe (
  33. ECHO Running Windows 2008R1
  34. GOTO Win_Vista_7_2008
  35.  
  36. ) ELSE (
  37. ECHO System is running Win Vista
  38. GOTO Win_Vista_7_2008
  39.  
  40. )
  41. )
  42.  
  43. VER | FINDSTR /L "6.1." > NUL:
  44. IF %ErrorLevel% EQU 0 (
  45. If EXIST %SystemRoot%\System32\ServerManagerLauncher.exe (
  46. ECHO Running Windows 2008R2
  47. GOTO Win_Vista_7_2008
  48.  
  49. ) ELSE (
  50. ECHO System is running Windows 7
  51. GOTO Win_Vista_7_2008
  52.  
  53. )
  54. )
  55.  
  56. :Win_XP_2003
  57. Echo copying Auditpol.exe to system32...
  58. REM change the IP address to share server's IP
  59. xcopy "\\192.168.44.1\auditpol\Auditpol.exe" C:\Windows\system32
  60. Echo Enabling Auditing...
  61. C:\Windows\system32\Auditpol.exe /enable /system:all /logon:all /object:all /privilege:all /process:all /policy:all /sam:all
  62. GOTO EXEC_CMD
  63.  
  64.  
  65. :Win_Vista_7_2008
  66. C:\Windows\System32\auditpol.exe /set /category:"Account Logon" /success:enable /failure:enable
  67. C:\Windows\System32\auditpol.exe /set /category:"Object Access" /success:enable /failure:enable
  68. C:\Windows\System32\auditpol.exe /set /category:"Account Management" /success:enable /failure:enable
  69. C:\Windows\System32\auditpol.exe /set /category:"Detailed Tracking" /success:enable /failure:enable
  70. C:\Windows\System32\auditpol.exe /set /category:"DS Access" /success:disable /failure:disable
  71. C:\Windows\System32\auditpol.exe /set /category:"Logon/Logoff" /success:enable /failure:enable
  72. C:\Windows\System32\auditpol.exe /set /category:"Policy Change" /success:enable /failure:enable
  73. C:\Windows\System32\auditpol.exe /set /category:"Privilege Use" /success:enable /failure:enable
  74. C:\Windows\System32\auditpol.exe /set /category:"System" /success:enable /failure:enable
  75. GOTO EXEC_CMD
  76.  
  77. :EXEC_CMD
  78. ECHO Continue with Audit Policy..
  79. PAUSE
  80. START c:\windows\system32\secpol.msc
RAW Paste Data