We have a poorly-sequenced application that is overwriting a Registry key with values that mean no-one can use Internet Explorer. We have narrowed the app down to 25 (!) or so, but are struggling a bit now. So we thought we would just enable auditing for object access, set auditing on the Registry keys, and trawl through the security log events in the morning.
I tried at first to set the auditing for the hundred or so servers through a GPO using *Windows Settings | Security Settings | Registry*, but this doesn't appear to work at all on our 2008 R2 servers. So I moved on to *subinacl* using the */audit* switch. This runs without errors, but doesn't perform any modifications. A web page I read suggested using *subinacl* with the */sdeny* switch (whatever that does), and although that seemed to be making modifications, they clearly weren't to the audit settings for the target keys, as these are still all blank.

Can anyone suggest a good way to perform the audit settings change for a specific Registry key so that I don't have to visit 100 or so remote Registry paths and change them manually? PowerShell maybe? Anything will be considered at the moment.

I have set up a scheduled task that resets the actual Registry permissions when they are changed (using *subinacl*), so we aren't being inundated with calls from irate users, but I'd like to find which application has caused this issue sooner rather than later.

Cheers,
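One way to push the audit entry (SACL) for a single key to many servers from PowerShell, added here as an example and not part of the original message. It assumes PowerShell remoting (WinRM) is enabled on the targets, an elevated administrative account, and that object access auditing is already switched on as the post describes; the key path and `servers.txt` are placeholders.

```powershell
# Added example. Works with PowerShell 2.0 (shipped with Server 2008 R2).
$KeyPath = 'HKLM:\SOFTWARE\Example\PlaceholderKey'  # placeholder: the key being overwritten
$Servers = Get-Content -Path '.\servers.txt'        # hypothetical file, one server name per line

$setAudit = {
    param([string]$Path)

    # Audit successful writes, deletes and permission changes by any account.
    # ContainerInherit applies the same entry to subkeys of the target key.
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue,CreateSubKey,Delete,ChangePermissions,TakeOwnership'
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule('Everyone', $rights, 'ContainerInherit', 'None', 'Success')

    $result = New-Object PSObject -Property @{
        Server     = $env:COMPUTERNAME
        AuditRules = 0
        Error      = $null
    }

    try {
        # -Audit is required, otherwise Get-Acl returns no SACL and
        # Set-Acl would write back without the audit section.
        $acl = Get-Acl -Path $Path -Audit -ErrorAction Stop
        $acl.AddAuditRule($rule)
        Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop

        # Read the SACL back so a silent no-op shows up as AuditRules = 0.
        $check = Get-Acl -Path $Path -Audit -ErrorAction Stop
        $rules = $check.GetAuditRules($true, $false, [System.Security.Principal.NTAccount])
        $result.AuditRules = @($rules).Count
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    $result
}

# Runs against all servers in parallel; unreachable hosts surface as errors.
Invoke-Command -ComputerName $Servers -ScriptBlock $setAudit -ArgumentList $KeyPath |
    Select-Object Server, AuditRules, Error |
    Sort-Object Server
```

With the entry in place, Security log events 4657 (registry value modified) and 4670 (permissions on an object changed) record the process name that made the change.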
