??????? ??????? ???????? ?? Windows Vista-?????? ?? Windows Server 2008-?????? ???????? ??? ?? Windows Server 2008 ?????, Windows Server 2003 ????? ???, ?? ???? Windows 2000 ????? ?? ??? ??????? ?? ???????? ???? ?? ??? ???? ???? ?? ????? ???? ?????

???? ?????? ???? ??????
???? ID: 921469 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.

?? ????? ??

??????

?? ???? ????? ???? ?? ?? ??????? ???????? ?? Windows Vista-?????? ?? Windows Server 2008-?????? ?????????? ??? Windows Server 2003 ?? ???? ????? ?? ???? Windows 2000 ????? ?? ??? ??????? ?? ???????? ???? ?? ??? ???? ???? ?? ????? ???? ????? Windows Vista ?? Windows Server 2008 ?? ???? ???? subcategories ?? ????? ?? ?? ???? ??????? ???? ?? ???? ??????? ?? ?????? ???? ???? ?? ???? ??????? ??????? ???????? ?? Windows Vista ?? Windows Server 2008 ??? ??? ???????? ?? ??? ??????? ?? ???? ???? ?? ?? ????? ???? ???? ???? ???? ?? ??? ?????????? ?? ????? ?? ???? ??? ?? ?? ????????? ?? ????? ???? ???

?????

?? ???? ????? ???? ?? ?? ??? ??? ??? Windows Vista ?? Windows Server 2008 ??? Windows Server 2003 ?? ???? ????? ?? ???? Windows 2000 ????? ??? ???????? ?? ??? ??????? ??????? ??????? ???????? ?? ???????? ???? ?? ??? ???? ???? ?? ????? ???? ????? Windows Vista ?? Windows Server 2008 ???, ???? ??? ???? ???????? ???-??? ???? ???? subcategories ?? ???? ??? Windows ???????? ?????? ?? ?????? ????????? ??? ?? ???? ??????? ?? ???? ???? ???????? ?? ???? ???? ????? ??? Windows Vista ??? ?????? subcategories ????? ???? ???? ?????????? ??????? ??????? ???????? ?? Windows Vista-?????? ?? Windows Server 2008-?????? ?????????? ??? Windows Server 2003 ?? ???? ????? ?? ???? Windows 2000 ????? ??? ??????? ?? ???? ???? ?? ?? ????? ???? ???? ???? ???? ?? ??? ?? ???? ??? ???? ?? ????????? ?? ????? ?? ???? ????

???? ???????

????? ???? ?? ????? ???? ?? ???

??? ????? ???? ?? ????? ???? ?? ???? ?? ???? ????? ???? ?? ?? ????????? ?? ???? ???? ?? ??? ????? ???:
  • ????????? ????? ??? ?? ????? ???? ??? ????? ??? ???????? ???? ?? ????? ???? ??? ??? ??, ????? ??? ????? %SystemRoot%\Temp ??????? ??? ?? ??? ????
  • ????????? Contoso.com ????? ????? ?? ????? ???? ???
  • ????????? ????? ?? ?? ????? ????????? ???? ???:
    • ?? ????? ??????? ?? ??????? ?? ?????? ???:
      • ???? ???? ????????? ?????????
      • ???? ???? ??????? ?????
      • Auditpol.exe ????-?????? ?????
    • ???? ??? ?? ??? ????? ?????? ?? ??? ??? ???
  • ?? ?? ????????? ???? ????? ?? Windows Vista ??? ?????? ??????? ???? ???? ???????? ?? ??? ?????? ?????-?????? ???? ???? ?????? ?? ??????? ???? ?? ??? ????????? ?? ?????? ???? ??? ?? Windows Vista ??? ?????? ??????? ???? ???? ???????? ?? ???????? ???? ?? ??? ???? ?????, ?? ???? ????? ???? ?? ?? ?? ????????? ?? ?????
  • ?? ????? ???? auditpol ???????? ?? ???????? ?? ???? ???? ??? auditpol ???????? ?????? ???? ??? ?????? ??? ?? ???????? ?? ??? ???? ?? ??????? ??????? ?????? ??.. ??? ??, ??? ? ???? ??????? ? ?? ??? ??? ?? ? ????????? ???? ? ?? ??? ??? auditpol ???????? ????????? ?? ???, ?? auditpol ???????? ?????? ?? ?? ?????? ???? ?????? ???????? ???? ????

???????? ?? ??? ???????? ??????? ??????? ??????? ?? ???????? ???? ?? ??? ???? ???? ?? ????? ????

??????? ??????? ???????? ?? Windows Vista-?????? ?? Windows Server 2008-?????? ?????????? ??? Windows Server 2003 ?? ???? ????? ?? ???? Windows 2000 ????? ?? ??? ??????? ?? ???????? ???? ?? ??? ???? ???? ?? ????? ????, ????? ????? ?? ???? ?????

??? 1: ???????? ???? ?? ??? Windows Vista-?????? ?? Windows Server 2008-?????? ???????? ?? ?????? ???? ?? ??? ?????? ???????? ??????? ???????

  1. ???? ???????? ?? ??? ?????????? ????????????? ???? ?????????? ?? ??? ??? ??? ?? ?????
  2. ????? ????,????????? ????? ????,??? ?????????????? ????,????? ?????, ????-????? ????????? ??????????? ????-????? ????, ?? ???? ????????????? ?? ??? ??? ?????.
  3. ??????????????? ???? ????????????? ????? ???, ????? ???????? ????.
  4. ??????? ???? ???? ?????? ????? ??? ??? ???? ?? ???, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
    auditpol /clear
  5. ????? ???????? ???? ?? ??? Auditpol.exe ????-?????? ????? ?? ????? ???? ???? ???????? ?? ?? ????? ????

    ?????? ?? ???, ????? ????????? ?? ????? ????????? ????? ???????? ?????? ?? ??? ENTER ????? ?????
    auditpol /set /subcategory:"user account management" /success:enable /failure:enable
    auditpol /set /subcategory:"logon" /success:enable /failure:enable
    auditpol /set /subcategory:"IPsec Main Mode" /failure:enable
    ???:?? ????? ?? ??? ??? ??????? ????????? subcategories ?? ???, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
    auditpol /list /subcategory:*
  6. ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
    auditpol /backup /file:auditpolicy.txt
  7. ????? ??? ???????? ????? ???????? (PDC) ????????? ??? ???? ????? ???????? ?? ???????? ???? ???? ?? ??? Auditpolicy.txt ????? ?? ????????? ??????

    Auditpolicy.txt ????? ??? ??? ???? ???? ?????? ?? ???? ???????? ???? ??? ??? ????????? ????????? ???? reapply ???? ?? ??? ?? ????? ?? ????? ???? ??? ?? ??????????? ???? ???? ?? ??? ????????? ????????? ?? ???, ?? ???? ???? ?????? ?? ?????? ???? ?? ??? ???????? ?? ???????? ???? ?? ???? ??? ???? ???? ?????? ?? ?????? ???? ?? ??? ???????? ???? ???? ?? ??? ????????? Auditpolicy.txt ????? ?? ?????? ??????? ?? ???????? ?? ????? ??? ???? ?? ???, Auditpolicy.txt ?? ?? ?? ????? ?????, ?? ???? ??? ???????? ???? ???? ?? ??? ?? Auditpolicy.txt ????? ?? ????????? ??????

??? 2: ??? ????????? ?????, ?? ?? ???????? ???? ???? ?? ??? ????????? ?????

Microsoft ???????????? ?????? ???? ???????? ?? ??? ??? ???? ??, ???? ??? ??? ?? ?????? ?? ?????????? ??? ??? ?????? ???? ?? ????.. ?????? ???????? ?????? ?? ???? ????? ???????? ?? ??? ???????? ????? ??? ?? ???? ?? ????? ???? ???.. ?? ??? ????? ?? ?? ?? ????? ?? ?? ??? ???????????? ???? ?? ?? ??????? ?? ?????? ??? ????? ????? ???????????? ?? ????? ?? ???? ???? ?? ??? ???? ?? ??? ??.. Microsoft ?????? ???????? ?? ????? ????????? ?? ???????????? ?? ?????? ??? ?????? ?? ???? ???, ??, ?? ?? ???????? ?? ???? ??????? ?????????? ?? ?????? ???? ?? ??? ???????? ??????????????? ?? ?????? ?? ???????????? ????? ?? ??? ??????? ???? ??????..
  1. AuditPolicy.cmd ????????? ?????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ?????? ??????? ????, ?? ?? ??? ????? ????????? ??????
    2. ???????? ??? ????? ??? ?? Notepad ??? ???????:
      @echo off
      
      REM AuditPolicy.cmd
      REM (c) 2006 Microsoft Corporation.  All rights reserved.
      REM Sample Audit Script to deploy Windows Vista
      REM Granular Audit Policy settings.
      
      REM Should be run as a startup script from Group Policy
      
      REM ###################################################
      REM Declare Variables so that we only need to edit file
      REM names/paths in one location in script
      REM ###################################################
      
      set AuditPolicyLog=%systemroot%\temp\auditpolicy.log
      set OSVersionSwap=%systemroot%\temp\osversionwap.txt
      set OsVersionTxt=%systemroot%\temp\osversion.txt
      set MachineDomainTxt=%systemroot%\temp\machinedomain.txt
      set MachineDomainSwap=%systemroot%\temp\machinedomainSwap.txt
      set ApplyAuditPolicyCMD=applyauditpolicy.cmd
      set AuditPolicyTxt=auditpolicy.txt
      
      REM ###################################################
      REM Clear Log & start fresh
      REM ###################################################
      
      if exist %AuditPolicyLog% del %AuditPolicyLog% /q /f
      date /t > %AuditPolicyLog% & time /t >> %AuditPolicyLog%
      echo.
      
      REM ###################################################
      REM Check OS Version
      REM ###################################################
      
      ver | findstr "[" > %OSVersionSwap%
      for /f "tokens=2 delims=[" %%i in (%OSVersionSwap%) do echo %%i > %OsVersionTxt%
      for /f "tokens=2 delims=] " %%i in (%OsVersionTxt%) do set osversion=%%i
      echo OS Version=%osversion% >> %AuditPolicyLog%
      
      REM ###################################################
      REM Skip Pre-Vista
      REM ###################################################
      
      if "%osversion%" LSS "6.0" exit /b 1
      
      REM ###################################################
      REM Get Domain Name
      REM ###################################################
      
      WMIC /namespace:\\root\cimv2 path Win32_ComputerSystem get domain /format:list > %MachineDomainSwap%
      find /i "Domain=" %MachineDomainSwap% > %MachineDomainTxt%
      for /f "Tokens=2 Delims==" %%i in (%MachineDomainTxt%) do set machinedomain=%%i
      echo Machine domain=%machinedomain% >> %AuditPolicyLog%
      
      REM ###################################################
      REM Copy Script & Policy to Local Directory or Terminate
      REM ###################################################
      
      xcopy \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% %systemroot%\temp\*.* /r /h /v /y
      if %ERRORLEVEL% NEQ 0 (
          echo Could not read \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% >> %AuditPolicyLog%
          exit /b 1
      ) else (
          echo Copied \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% to %systemroot%\temp >> %AuditPolicyLog%
      )
      
      xcopy \\%machinedomain%\netlogon\%AuditPolicyTxt% %systemroot%\temp\*.* /r /h /v /y
      if %ERRORLEVEL% NEQ 0 (
          echo Could not read \\%machinedomain%\netlogon\%AuditPolicyTxt% >> %AuditPolicyLog%
          exit /b 1
      ) else (
          echo Copied \\%machinedomain%\netlogon\%AuditPolicyTxt% to %systemroot%\temp >> %AuditPolicyLog%
      )
      
      REM ###################################################
      REM Create Named Scheduled Task to Apply Policy
      REM ###################################################
      
      %systemroot%\system32\schtasks.exe /create /ru System /tn audit /sc hourly /mo 1 /f /rl highest /tr "%systemroot%\temp\%ApplyAuditPolicyCMD%"
      if %ERRORLEVEL% NEQ 0 (
          echo Failed to create scheduled task for Audit >> %AuditPolicyLog%
          exit /b 1
      ) else (
          echo Created scheduled task for Audit >> %AuditPolicyLog%
      )
      
      REM ###################################################
      REM Start Named Scheduled Task to Apply Policy
      REM ###################################################
      
      %systemroot%\system32\schtasks.exe /run /tn audit
      if %ERRORLEVEL% NEQ 0 (
          echo Failed to execute scheduled task for Audit >> %AuditPolicyLog%
      ) else (
          echo Executed scheduled task for Audit >> %AuditPolicyLog%
      )
    3. ????? ???????????? ??,??????.
    4. ??????? ?????? ??????????? ???, ????? ??????? ?????????????:AuditPolicy.cmd?????????? ???????? ???, ?? ???? ?????????.
  2. ApplyAuditPolicy.cmd ????????? ?????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ?????? ??????? ????, ?? ?? ??? ????? ????????? ??????
    2. ???????? ??? ????? ??? ?? Notepad ??? ???????:
      @echo off
      
      REM ApplyAuditPolicy.cmd
      REM (c) 2006 Microsoft Corporation.  All rights reserved.
      REM Sample Audit Script to deploy Windows Vista
      REM Granular Audit Policy settings.
      
      
      REM ###################################################
      REM Declare Variables so that we only need to edit file
      REM names/paths in one location in script
      REM ###################################################
      
      set DeleteAudit=DeleteAudit.txt
      set AuditPolicyLog=%systemroot%\temp\AuditPolicy.log
      set ApplyAuditPolicyLog=%systemroot%\temp\ApplyAuditPolicy.log
      set OSVersionSwap=%systemroot%\temp\osversionwap.txt
      set OsVersionTxt=%systemroot%\temp\osversion.txt
      set MachineDomainTxt=%systemroot%\temp\machinedomain.txt
      set MachineDomainSwap=%systemroot%\temp\machinedomainSwap.txt
      set ApplyAuditPolicyCMD=ApplyAuditpolicy.cmd
      set AuditPolicyTxt=AuditPolicy.txt
      
      REM ###################################################
      REM Clear Log & start fresh
      REM ###################################################
      
      if exist %ApplyAuditPolicyLog% del %ApplyAuditPolicyLog% /q /f
      date /t > %ApplyAuditPolicyLog% & time /t >> %ApplyAuditPolicyLog%
      echo.
      
      REM ###################################################
      REM Check OS Version
      REM ###################################################
      
      ver | findstr "[" > %OSVersionSwap%
      for /f "tokens=2 delims=[" %%i in (%OSVersionSwap%) do echo %%i > %OsVersionTxt%
      for /f "tokens=2 delims=] " %%i in (%OsVersionTxt%) do set osversion=%%i
      echo OS Version=%osversion% >> %ApplyAuditPolicyLog%
      
      REM ###################################################
      REM Skip Pre-Vista
      REM ###################################################
      
      if "%osversion%" LSS "6.0" exit /b 1
      
      REM ###################################################
      REM Get Domain Name
      REM ###################################################
      
      WMIC /namespace:\\root\cimv2 path Win32_ComputerSystem get domain /format:list > %MachineDomainSwap%
      find /i "Domain=" %MachineDomainSwap% > %MachineDomainTxt%
      for /f "Tokens=2 Delims==" %%i in (%MachineDomainTxt%) do set machinedomain=%%i
      echo Machine domain=%machinedomain% >> %ApplyAuditPolicyLog%
      
      REM ###################################################
      REM Delete Audit Task
      REM Should only be used to remove the pseudo-policy from
      REM client machines (designed for future Vista revisions
      REM where this script will no longer be necessary, and this
      REM script needs to be backed out).
      
      REM to use, simply create a file in NETLOGON with a name
      REM that matches the contents of DeleteAudit variable (above)
      REM ###################################################
      
      if exist \\%machinedomain%\netlogon\%DeleteAudit% (
          %systemroot%\system32\schtasks.exe /delete /tn "Audit" /F
          DEL %AuditPolicyLog%
          DEL %ApplyAuditPolicyLog%
          DEL %OSVersionSwap%
          DEL %OsVersionTxt%
          DEL %MachineDomainTxt%
          DEL %MachineDomainSwap%
          DEL %systemroot%\temp\%ApplyAuditPolicyCMD%
          DEL %systemroot%\temp\%AuditPolicyTxt%
          exit /b 1
      ) 
      
      REM ###################################################
      REM Copy Audit Policy to Local Directory
      REM This is tolerant of failures since the copy is just
      REM a "cache refresh".
      REM ###################################################
      
      xcopy \\%machinedomain%\netlogon\%AuditPolicyTxt% %systemroot%\temp\*.* /r /h /v /y
      if %ERRORLEVEL% NEQ 0 (
          echo Could not read \\%machinedomain%\netlogon\%AuditPolicyTxt% so using previous cached copy>> %ApplyAuditPolicyLog%
      ) else (
          echo Copied \\%machinedomain%\netlogon\%AuditPolicyTxt% to %systemroot%\temp >> %ApplyAuditPolicyLog%
      )
      
      REM ###################################################
      REM Apply Policy
      REM ###################################################
      
      %systemroot%\system32\auditpol.exe /restore /file:%systemroot%\temp\%AuditPolicyTxt%
      if %ERRORLEVEL% NEQ 0 (
          echo Failed to apply audit settings >> %ApplyAuditPolicyLog%
      ) else (
          echo Successfully applied audit settings >> %ApplyAuditPolicyLog%
      )
    3. ????? ???????????? ??,??????.
    4. ??????? ?????? ??????????? ???, ????? ??????? ?????????????:ApplyAuditPolicy.cmd?????????? ???????? ???, ?? ???? ?????????.
  3. ????? ??? PDC ????????? ??? ???? ????? ???????? ?? ???????? ???? ???? ?? ??? AuditPolicy.cmd ????????? ?? ApplyAuditPolicy.cmd ????????? ?? ????????? ??????
  4. ?????? ??????????? ????????? ???? ?? ?? ?? ????????? ????? ??? ??, ??????? ?? ????????? ???? ?? ?????? ??? (SYSVOL) ??? ????????? ???? ??????? replicate ?? ????? ??? ????? ???????? ?? ???
  5. ????? ???????? ???? ?? ????????? ????????? ??????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ?????? ??????????? ?????????? ?? ???????? ?? ??? ????? ??????? ?????
    2. ????-????? ????DomainName?? ????-????? ????, ?? ???? ??????.
    3. ????? ???????? ??????? ??,??????? ????? ?????? ????-????? ????, ?? ???? ?????????. ???? ???? ???????? ?????? ????? ??????? ?? ???? ???
    4. ??????? ???????????? ???????????, ??????? ????Windows ???????? ????-????? ????, ?? ???? ???????????? (?????????/??????).
    5. ???-????? ??????????????? ????-????? ????, ?? ???? ???add.
    6. ?????????????? ???????? ???, ????????? ?????? ????? (UNC) ?? ?? ???? AuditPolicy.cmd ????? ????? ?? ?? ???????? ???? ???? Use the following format:
      \\FullyQualifiedDomainName\Netlogon\AuditPolicy.cmd
      ?????? ?? ???, ???? ????\\contoso.com\netlogon\auditpolicy.cmd.
    7. ????? ????,OK?? ?? ??? ????? ????..

Step 3: Verify that the security auditing settings are successfully applied

  1. Wait until Active Directory replication occurs. Also, wait until the files and folders in the system volume (SYSVOL) shared folder replicate on domain controllers in the domain.
  2. Restart a computer that is joined to the domain. Then, log on to the computer as a user who has administrator credentials.
  3. ????? ????,????????? ????? ????,??? ??????????? ????-????? ????, ?? ???? ???????? ?????.
  4. ????-????? ????????? ??????????? ????-????? ????, ?? ???? ????????????? ?? ??? ??? ?????.
  5. ??????????????? ???? ????????????? ????? ???, ????? ???????? ????.
  6. ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
    auditpol /get /category:*
  7. ???????? ???? ?? ??????? ??????? ???????? ?? ????? ????????? ?? ????????? ???? ??? ?? ??? ???????? ??? ???? ?????? ???? ?? AuditPolicy.txt ????? ??? ???????? ???? ??? "??? 1: Windows Vista-?????? ?? Windows Server 2008-?????? ?????????? ?? ??? ?????? ???? ?? ??? ?????? ???????? ??????? ??????? ?? ????????."

    ??? ??????? ?? ??????? ???????? ?? ??? ???? ????, %SystemRoot%\Temp ?????? ??? ????????? ????????? ?????? ??????? ?? ?? ??? ?? ??? ????? ?? ???? ????? ??? ??? ??? ??????? %SystemRoot%\Temp ??????? ??? ????? ??, ?? ????? ???? ???? ???? ???? ???? ??? ?? ????????? ???? ?? ??? ???????? ?? ???? ?????
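
The Step 3 check can be automated by comparing the baseline file from Step 1 with the CSV report from `auditpol /get /category:* /r` on a client. The following is an added example, not part of the Microsoft article or its scripts. It assumes the column names shown in the constructed samples and English setting text, and it matches on subcategory GUID because subcategory names are localized.

```python
import csv

# Numeric "Setting Value" stored in an auditpol /backup file, keyed by the English
# "Inclusion Setting" text printed by auditpol /get /r (assumption: English output).
SETTING_VALUE = {"No Auditing": 0, "Success": 1, "Failure": 2, "Success and Failure": 3}

# Constructed sample of auditpolicy.txt (auditpol /backup); not taken from a real system.
BASELINE_SAMPLE = """Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,,3
,System,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030},Failure,,2
,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success and Failure,,3
,,Option:CrashOnAuditFail,,Disabled,,0
"""

# Constructed sample of "auditpol /get /category:* /r" output from a client (CLIENT01 is hypothetical).
EFFECTIVE_SAMPLE = """Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

CLIENT01,System,Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,
CLIENT01,System,IPsec Main Mode,{0cce9218-69ae-11d9-bed3-505054503030},No Auditing,
"""

def load_rows(text):
    """Parse auditpol CSV text into {lowercase subcategory GUID: row}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]  # drop blank lines in the report
    rows = {}
    for row in csv.DictReader(lines):
        guid = (row.get("Subcategory GUID") or "").strip().lower()
        if guid:  # option rows such as Option:CrashOnAuditFail carry no GUID
            rows[guid] = row
    return rows

def audit_drift(baseline_text, effective_text):
    """Return [(subcategory, expected, actual)] for each baseline entry not in effect.

    actual is None when the subcategory is missing from the report or its
    setting text is not one of the known English values.
    """
    baseline = load_rows(baseline_text)
    effective = load_rows(effective_text)
    drift = []
    for guid, want in baseline.items():
        expected = int(want["Setting Value"])
        have = effective.get(guid)
        actual = SETTING_VALUE.get(have["Inclusion Setting"].strip()) if have else None
        if actual != expected:
            drift.append((want["Subcategory"], expected, actual))
    return drift

if __name__ == "__main__":
    for name, expected, actual in audit_drift(BASELINE_SAMPLE, EFFECTIVE_SAMPLE):
        print(f"DRIFT {name}: expected {expected}, effective {actual}")
```
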

??????

?????? ?????????? ??? ????????? ????????? ?? ???????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/dcaa775e-0012-4e43-8e68-a31b32b4241f1033.mspx?mfr=TRUE
HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/65aa4e48-8b1f-42bc-b20f-64f67367dadc1033.mspx?mfr=TRUE
???? ???? ??????? ????? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/7a0aaa61-5152-4489-86c9-b083b22b21731033.mspx?mfr=TRUE
Auditpol.exe ????-?????? ????? ?? Schtasks.exe ????-?????? ????? ?? ???? ??? ???? ??????? ?? ??? Windows Vista ??? ?? ?????? ??????

???

???? ID: 921469 - ????? ???????: 06 ?????? 2010 - ??????: 2.0
???? ???? ???? ??:
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Server 2008 Datacenter
??????: 
kbexpertiseinter kbhowto kbinfo kbmt KB921469 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:921469
