Hi All
A quick tip for Windows cmd lovers
Fetching the audit policy is always a pain, and many of us are not aware of auditpol, a small command-line utility that ships with Windows.
Auditpol
Auditpol is a simple command-line utility that shows us the audit policy in Windows.
Usage
auditpol
Auditpol gives us a complete, detailed view of the audit policy. It follows the syntax below:
Auditpol command (get/set/list/backup/restore/clear/remove) Optional(user/domain)category, subcategory
As first-time users we do not know the categories, so the first task is to find them.
auditpol /list /category : This lists the categories present on the server
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System
In the same way, we can list the subcategories of a category
auditpol /list /subcategory:"Account Logon"
Now we will see how to fetch the policy values using auditpol
auditpol /get /category:"Account Logon","Logon/Logoff"
Note: You can query one or more categories by separating them with commas
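Going one step past reading the policy by eye, the following added example (not part of the original tip) parses the CSV report that auditpol /get produces with the /r switch and lists subcategories that audit less than a baseline. The baseline values, the host name HOST01, the placeholder GUIDs and the helper Test-Covers are assumptions made for illustration.

```powershell
# Added example: compare the effective audit policy with a baseline.
# Set $Live = $true to query the local machine (needs an elevated prompt);
# otherwise the constructed sample below is used so the script runs anywhere.
$Live = $false

# Constructed sample in the CSV layout of: auditpol /get /category:* /r
# Host name and GUIDs are placeholders, not values from a real system.
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Credential Validation,{00000000-0000-0000-0000-000000000001},Success and Failure,
HOST01,System,Logon,{00000000-0000-0000-0000-000000000002},Success,
HOST01,System,Logoff,{00000000-0000-0000-0000-000000000003},No Auditing,
'@

# Assumed baseline for illustration only: subcategory -> minimum setting.
$baseline = @{
    'Credential Validation' = 'Success and Failure'
    'Logon'                 = 'Success and Failure'
    'Logoff'                = 'Success'
}

# True when every event type required by $Expected is also audited in $Actual.
function Test-Covers([string]$Actual, [string]$Expected) {
    foreach ($kind in 'Success', 'Failure') {
        if ($Expected -match $kind -and $Actual -notmatch $kind) { return $false }
    }
    return $true
}

# Blank lines in the report are dropped before CSV parsing.
$rows = if ($Live) {
    auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
} else { $sample | ConvertFrom-Csv }

$findings = foreach ($name in $baseline.Keys) {
    $row    = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $actual = if ($row) { $row.'Inclusion Setting' } else { 'not reported' }
    if (-not (Test-Covers $actual $baseline[$name])) {
        [pscustomobject]@{ Subcategory = $name; Expected = $baseline[$name]; Actual = $actual }
    }
}

# With the sample data this reports Logoff (No Auditing) and Logon (Success only).
$findings | Sort-Object Subcategory | Format-Table -AutoSize
```

Subcategory names and setting strings in auditpol output follow the Windows display language, so the baseline keys must match the language of the machine being checked.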
Happy Auditing.. :)