利用 secedit.exe 配置本地审核策略
利用 secedit.exe 配置本地审核策略
发布时间:2016-12-28 来源:查字典编辑
摘要:代码没什么技术含量,图形化操作转换为命令行而已。效果图:代码(samtool.bat):复制代码代码如下:@echooffif{%1}=={...

代码没什么技术含量,图形化操作转换为命令行而已。

效果图:

利用 secedit.exe 配置本地审核策略1

代码(samtool.bat):

复制代码 代码如下:

@echo off

if {%1} == {} goto :help

if {%2} == {} goto :help

if exist SAMTool.sdb erase SAMTool.sdb /q

if exist SAMTool.inf erase SAMTool.inf /q

if exist SAMTool.log erase SAMTool.log /q

if {%1} == {-b} secedit /export /cfg %2 /log SAMTool.log /quiet

if {%1} == {-r} secedit /configure /db SAMTool.sdb /cfg %2 /log SAMTool.log /quiet

if {%1} == {-o} (

if {%4} == {} goto :help

if not {%3} == {-p} goto :help

echo %4 | findstr "[0-3]" >nul || goto :help

rem pushd %windir%system32

echo.[version]>>SAMTool.inf

echo.signature="$CHICAGO$">>SAMTool.inf

echo.[Event Audit]>>SAMTool.inf

echo.%2 | findstr "D" >nul && echo.AuditDSAccess=%4>>SAMTool.inf

echo.%2 | findstr "E" >nul && echo.AuditLogonEvents=%4>>SAMTool.inf

echo.%2 | findstr "S" >nul && echo.AuditSystemEvents=%4>>SAMTool.inf

echo.%2 | findstr "O" >nul && echo.AuditObjectAccess=%4>>SAMTool.inf

echo.%2 | findstr "U" >nul && echo.AuditPrivilegeUse=%4>>SAMTool.inf

echo.%2 | findstr "C" >nul && echo.AuditPolicyChange=%4>>SAMTool.inf

echo.%2 | findstr "L" >nul && echo.AuditAccountLogon=%4>>SAMTool.inf

echo.%2 | findstr "M" >nul && echo.AuditAccountManage=%4>>SAMTool.inf

echo.%2 | findstr "P" >nul && echo.AuditProcessTracking=%4>>SAMTool.inf

if {%2} == {A} (

echo.AuditDSAccess=%4>>SAMTool.inf

echo.AuditLogonEvents=%4>>SAMTool.inf

echo.AuditSystemEvents=%4>>SAMTool.inf

echo.AuditObjectAccess=%4>>SAMTool.inf

echo.AuditPrivilegeUse=%4>>SAMTool.inf

echo.AuditPolicyChange=%4>>SAMTool.inf

echo.AuditAccountLogon=%4>>SAMTool.inf

echo.AuditAccountManage=%4>>SAMTool.inf

echo.AuditProcessTracking=%4>>SAMTool.inf

)

secedit /configure /db SAMTool.sdb /cfg SAMTool.inf /log SAMTool.log /quiet

)

if {%3} == {-v} type SAMTool.log

if {%5} == {-v} type SAMTool.log

if exist SAMTool.sdb erase SAMTool.sdb /q

if exist SAMTool.inf erase SAMTool.inf /q

if exist SAMTool.log erase SAMTool.log /q

exit /b

:help

cls

echo.System audit strategy manage tool. (C) Copyright 2013 enun-net.

echo.

echo.Usage: SAMTool -b^|r [drive:][path][filename] -o options -p parameters -v

echo.

echo. -b Backup the current configuration, Specifies an INF file.

echo. -r From an INF file recovery configuration.

echo. -o options^(Support multiple^):

echo. D: Directory Service Access

echo. E: Logon Events

echo. S: System Events

echo. O: Object Access

echo. U: Privilege Use

echo. C: Policy Change

echo. L: Account Logon

echo. M: Account Manage

echo. P: Process Tracking

echo. A: All audit

echo. -p parameters:

echo. 0: Don't audit

echo. 1: Only audit successful

echo. 2: Only audit failure

echo. 3: All audit ^(successful and failure^)

echo. -v Detailed results.

echo.

echo.Example: SAMTool -o EC -p 0 -v

echo. SAMTool -b c:myconfig.inf -v

exit /b

例如:SAMTool -o EC -p 1 -v ,配置审核策略为:审核策略更改(成功),审核登录事件(成功),并显示较详细的输出。

原文:https://www.enun.net/?p=2339

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新DOS/BAT学习
热门DOS/BAT学习
脚本专栏子分类