Auditing is stored in the SACL not the DACL right? I was going to recommend icacls.exe which has a /remove switch, but I think it only does DACLs not SACLs
Cheers Ken ________________________________________ From: Ziots, Edward [[email protected]] Sent: Tuesday, 28 April 2009 6:27 AM To: NT System Admin Issues Subject: RE: script to add auditing I think the sdeny will setup a deny acl, but unless you can combine with /revoke switch that might not be possible... Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 -----Original Message----- From: Christopher Bodnar [mailto:[email protected]] Sent: Monday, April 27, 2009 1:28 PM To: NT System Admin Issues Subject: RE: script to add auditing Can Subinacl remove a single entry from the audit list? I've looked through the documentation, but I don't see a way to do this. I know the /audit switch will wipe the list out entirely. Thanks, Chris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
