��к�

Select the product you need help with

�Ը��'��º�¡��'��͡�˹��ҡ��ѡ�Ҥ��ʹ��·��´㹡�õ�Ǩ�ͺ��õ�駤��Ѻ��ҹ Windows Vista �� Windows Server 2008 �� Windows Server 2008 �� Windows Server 2003 �� Windows 2000

��Ţ�� (Article ID): 921469 - ��Ե�ѳ��Ǣ�ͧ㹺��

��ԡ��ʹ٢�ͨӡѴ��Ѻ�Դ�ͺ�ͧ KB ��¤��

��ԡ��ʴ��¤��е鹩�Ѻ��ѧ��§��ҧ�ѹ

��·�� | �غ��

��͸Ժ��Ըա��'��º�¡��'��͡�˹��ҡ��ѡ�Ҥ��ʹ��㹡�õ�Ǩ�ͺ��õ�駤��Ѻ��ҹ Windows Vista �� Windows Server 2008 �� Windows Server 2003 �� Windows 2000 windows Vista �� Windows Server 2008 ��س�Ѵ��ù�º�¡�õ�Ǩ�ͺ�дѺ��´�� ¹�º�¡�õ�Ǩ�ͺ ��͸Ժ��Ըա�÷��к��ö��ͻ�Ѻ��º�¡�õ�Ǩ�ͺẺ��˹��ͧ��ѡ�Ҥ��ʹ��·��´㹡�õ�Ǩ�ͺ��õ�駤��Ѻ�� Windows Vista �� Windows Server 2008

��Ѻ仴�ҹ�� | ��ʹ��

��

��͸Ժ�¶֧�Ըա��'��º�¡��'��͡�˹��ҡ��ѡ�Ҥ��ʹ��´��õ�駤�ҷ��Ǩ�ͺ��Ѻ�� Windows Vista �� Windows Server 2008 �� Windows Server 2003 �� Windows 2000 � Windows Vista �� Windows Server 2008 �س��ö��Ǻ��¢ͧ��º�¡�õ�Ǩ�ͺ��Թ��ҷ��س��к��Ժѵԡ�� Windows ��蹡�͹˹�� ؤ��繡�õ�Ǩ�ͺ��º�»��·��ҹ� Windows Vista ��ա��Դ��Թ��࿫�ͧ��ͧ��'��º�¡��' ��к��ö��鹵͹��͸Ժ��㹺��ͻ�Ѻ��º�¡�õ�Ǩ�ͺẺ��˹��ͧ��ѡ�Ҥ��ʹ��·��´㹡�õ�Ǩ�ͺ��õ�駤�ҡ��ҹ Windows Vista �� Windows Server 2008 �� Windows Server 2003 �� Windows 2000

��Ѻ仴�ҹ�� | ��ʹ��

��

��觷��þԨ�ó�

��仹�� ҧ��觷��þԨ�óҡ�͹��س�ӵ��鹵͹��Ƕ֧㹺��:

�Ըա��鴵��ҧ ��ҧ�� Netlogon ��ѹ �͡�ҡ�� ҧ�� %SystemRoot%\Temp ��ᤪ
��кǹ�ҹ��ҧ�ͧ Contoso.com
��кǹ��ù��ѹ��ɰҹ�� ͹䢵��仹��繨�ԧ:
- �س��¡Ѻ෤��ͧ��͵��仹��:
  - Group Policy startup scripts
  - Group Policy Management Console
  - The Auditpol.exe command-line tool
- You have a basic understanding of batch file processing.
You are familiar with the scripts that the procedure uses work to override legacy domain-based audit policy settings with the detailed audit policy settings that are available in Windows Vista. If you do not want to configure the detailed audit policy settings that are available in Windows Vista, do not use the procedure that this article discusses.
A legacy policy overwrites the auditpol settings only if the auditpol settings are defined explicitly in the legacy policy. �ѡɳС�÷ӧҹ��Դ�ҡ��͡Ẻ Additionally, if the auditpol settings are specified as �No auditing� or as �not defined,� the auditpol settings have precedence and are not overwritten by the legacy policy.

Use Group Policy to configure detailed security auditing settings for computers

To use Group Policy to configure detailed security auditing settings for Windows Vista-based or Windows Server 2008-based computers in a Windows Server 2003 domain or in a Windows 2000 domain, follow these steps.

Step 1: Determine the security auditing settings that you want to deploy to Windows Vista-based or Windows Server 2008-based computers

Log on to a computer as a user who has administrator credentials.
��ԡ��÷ӧҹ��价������ԡ����ԡ����Ѻ���� ԡ��¡��㹰ҹм��.
㹡����äǺ��ѭ�ռ����ͧ��ͺ ��ԡ��Թ��õ��.
Flush the default audit policy settings. To do this, type the following line at the command prompt, and then press ENTER:
auditpol /clear
Use the Auditpol.exe command-line tool to configure the custom audit policy settings that you want.

For example, type the following lines at the command prompt. Press ENTER after each line.
auditpol /set /subcategory:"user account management" /success:enable /failure:enable
auditpol /set /subcategory:"logon" /success:enable /failure:enable
auditpol /set /subcategory:"IPSEC Main Mode" /failure:enable
��˵�:To see all possible categories and subcategories, type the following line at the command prompt, and then press ENTER:
auditpol /list /subcategory:*
Type the following line at the command prompt, and then press ENTER:
auditpol /backup /file:auditpolicy.txt
Copy the Auditpolicy.txt file to the Netlogon share of the domain controller that holds the primary domain controller (PDC) emulator role in the domain.

The Auditpolicy.txt file contains all the audit policy settings that you configured. The startup script uses this file to reapply the policy. After you successfully apply the startup script one time, you do not have to restart the computer to update audit policy settings. To update audit policy settings, overwrite the earlier version of the Auditpolicy.txt file that you copied to the Netlogon share. To do this, create a new Auditpolicy.txt file, and then copy the new Auditpolicy.txt file to the Netlogon share.

Step 2: Create the scripts, and then add the scripts to the Netlogon share

Microsoft �ʴ��ҧ��¹��ͻ�Сͺ��͸Ժ��ҹ�� ա��Ѻ��Сѹ ��ªѴ��¹�� 駹��֧ ��ӡѴ��§��Ѻ��Сѹ�¹��ͧ��ë��͢��ͤ��Ѻ�ѵ�ػ��ʧ��੾�� ͹��ҹ��Ҥس�դ��¡Ѻ��ҡ��¹��ʴ�� ͧ��͵�ҧ� ��㹡��ҧ��ش��ͧ��кǹ�� ǡý��ʹѺʹع�ͧ Microsoft ��ö��͸Ժ��ǡѺ˹�ҷ��ҹ�ͧ��кǹ��੾�� Ѻ��¹��ҧ��ҹ��˹�ҷ��ҹ�� ҧ��кǹ�� ͵ͺʹͧ��ͧ��ҧ��ҧ˹�觢ͧ�س��੾��

Create the AuditPolicy.cmd script. ��ӵ��鹵͹��仹��::

��ҹ Notepad ��Ǩ֧�Դ�͡��ҧ

Paste the following code to the document in Notepad:

@echo off

REM AuditPolicy.cmd
REM (c) 2006 Microsoft Corporation.  All rights reserved.
REM Sample Audit Script to deploy Windows Vista
REM Granular Audit Policy settings.

REM Should be run as a startup script from Group Policy

REM ###################################################
REM Declare Variables so that we only need to edit file
REM names/paths in one location in script
REM ###################################################

set AuditPolicyLog=%systemroot%\temp\auditpolicy.log
set OSVersionSwap=%systemroot%\temp\osversionwap.txt
set OsVersionTxt=%systemroot%\temp\osversion.txt
set MachineDomainTxt=%systemroot%\temp\machinedomain.txt
set MachineDomainSwap=%systemroot%\temp\machinedomainSwap.txt
set ApplyAuditPolicyCMD=applyauditpolicy.cmd
set AuditPolicyTxt=auditpolicy.txt

REM ###################################################
REM Clear Log & start fresh
REM ###################################################

if exist %AuditPolicyLog% del %AuditPolicyLog% /q /f
date /t > %AuditPolicyLog% & time /t >> %AuditPolicyLog%
echo.

REM ###################################################
REM Check OS Version
REM ###################################################

ver | findstr "[" > %OSVersionSwap%
for /f "tokens=2 delims=[" %%i in (%OSVersionSwap%) do echo %%i > %OsVersionTxt%
for /f "tokens=2 delims=] " %%i in (%OsVersionTxt%) do set osversion=%%i
echo OS Version=%osversion% >> %AuditPolicyLog%

REM ###################################################
REM Skip Pre-Vista
REM ###################################################

if "%osversion%" LSS "6.0" exit /b 1

REM ###################################################
REM Get Domain Name
REM ###################################################

WMIC /namespace:\\root\cimv2 path Win32_ComputerSystem get domain /format:list > %MachineDomainSwap%
find /i "Domain=" %MachineDomainSwap% > %MachineDomainTxt%
for /f "Tokens=2 Delims==" %%i in (%MachineDomainTxt%) do set machinedomain=%%i
echo Machine domain=%machinedomain% >> %AuditPolicyLog%

REM ###################################################
REM Copy Script & Policy to Local Directory or Terminate
REM ###################################################

xcopy \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% %systemroot%\temp\*.* /r /h /v /y
if %ERRORLEVEL% NEQ 0 (
    echo Could not read \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% >> %AuditPolicyLog%
    exit /b 1
) else (
    echo Copied \\%machinedomain%\netlogon\%ApplyAuditPolicyCMD% to %systemroot%\temp >> %AuditPolicyLog%
)

xcopy \\%machinedomain%\netlogon\%AuditPolicyTxt% %systemroot%\temp\*.* /r /h /v /y
if %ERRORLEVEL% NEQ 0 (
    echo Could not read \\%machinedomain%\netlogon\%AuditPolicyTxt% >> %AuditPolicyLog%
    exit /b 1
) else (
    echo Copied \\%machinedomain%\netlogon\%AuditPolicyTxt% to %systemroot%\temp >> %AuditPolicyLog%
)

REM ###################################################
REM Create Named Scheduled Task to Apply Policy
REM ###################################################

%systemroot%\system32\schtasks.exe /create /ru System /tn audit /sc hourly /mo 1 /f /rl highest /tr "%systemroot%\temp\%ApplyAuditPolicyCMD%"
if %ERRORLEVEL% NEQ 0 (
    echo Failed to create scheduled task for Audit >> %AuditPolicyLog%
    exit /b 1
) else (
    echo Created scheduled task for Audit >> %AuditPolicyLog%
)

REM ###################################################
REM Start Named Scheduled Task to Apply Policy
REM ###################################################

%systemroot%\system32\schtasks.exe /run /tn audit
if %ERRORLEVEL% NEQ 0 (
    Failed to execute scheduled task for Audit >> %AuditPolicyLog%
) else (
    echo Executed scheduled task for Audit >> %AuditPolicyLog%
)

㹡����:�� ԡ�ѹ�֡.
㹡���ѹ�֡�繪�Դ��ͧ ��ԡ����:AuditPolicy.cmd㹡������ͧ ��Ǥ�ԡ�ѹ�֡.

Create the ApplyAuditPolicy.cmd script. ��ӵ��鹵͹��仹��::

��ҹ Notepad ��Ǩ֧�Դ�͡��ҧ

Paste the following code to the document in Notepad:

@echo off

REM ApplyAuditPolicy.cmd
REM (c) 2006 Microsoft Corporation.  All rights reserved.
REM Sample Audit Script to deploy Windows Vista
REM Granular Audit Policy settings.


REM ###################################################
REM Declare Variables so that we only need to edit file
REM names/paths in one location in script
REM ###################################################

set DeleteAudit=DeleteAudit.txt
set AuditPolicyLog=%systemroot%\temp\AuditPolicy.log
set ApplyAuditPolicyLog=%systemroot%\temp\ApplyAuditPolicy.log
set OSVersionSwap=%systemroot%\temp\osversionwap.txt
set OsVersionTxt=%systemroot%\temp\osversion.txt
set MachineDomainTxt=%systemroot%\temp\machinedomain.txt
set MachineDomainSwap=%systemroot%\temp\machinedomainSwap.txt
set ApplyAuditPolicyCMD=ApplyAuditpolicy.cmd
set AuditPolicyTxt=AuditPolicy.txt

REM ###################################################
REM Clear Log & start fresh
REM ###################################################

if exist %ApplyAuditPolicyLog% del %ApplyAuditPolicyLog% /q /f
date /t > %ApplyAuditPolicyLog% & time /t >> %ApplyAuditPolicyLog%
echo.

REM ###################################################
REM Check OS Version
REM ###################################################

ver | findstr "[" > %OSVersionSwap%
for /f "tokens=2 delims=[" %%i in (%OSVersionSwap%) do echo %%i > %OsVersionTxt%
for /f "tokens=2 delims=] " %%i in (%OsVersionTxt%) do set osversion=%%i
echo OS Version=%osversion% >> %ApplyAuditPolicyLog%

REM ###################################################
REM Skip Pre-Vista
REM ###################################################

if "%osversion%" LSS "6.0" exit /b 1

REM ###################################################
REM Get Domain Name
REM ###################################################

WMIC /namespace:\\root\cimv2 path Win32_ComputerSystem get domain /format:list > %MachineDomainSwap%
find /i "Domain=" %MachineDomainSwap% > %MachineDomainTxt%
for /f "Tokens=2 Delims==" %%i in (%MachineDomainTxt%) do set machinedomain=%%i
echo Machine domain=%machinedomain% >> %ApplyAuditPolicyLog%

REM ###################################################
REM Delete Audit Task
REM Should only be used to remove the pseudo-policy from
REM client machines (designed for future Vista revisions
REM where this script will no longer be necessary, and this
REM script needs to be backed out).

REM to use, simply create a file in NETLOGON with a name
REM that matches the contents of DeleteAudit variable (above)
REM ###################################################

if exist \\%machinedomain%\netlogon\%DeleteAudit% (
    %systemroot%\system32\schtasks.exe /delete /tn "Audit" /F
    DEL %AuditPolicyLog%
    DEL %ApplyAuditPolicyLog%
    DEL %OSVersionSwap%
    DEL %OsVersionTxt%
    DEL %MachineDomainTxt%
    DEL %MachineDomainSwap%
    DEL %systemroot%\temp\%ApplyAuditPolicyCMD%
    DEL %systemroot%\temp\%AuditPolicyTxt%
    exit /b 1
) 

REM ###################################################
REM Copy Audit Policy to Local Directory
REM This is tolerant of failures since the copy is just
REM a "cache refresh".
REM ###################################################

xcopy \\%machinedomain%\netlogon\%AuditPolicyTxt% %systemroot%\temp\*.* /r /h /v /y
if %ERRORLEVEL% NEQ 0 (
    echo Could not read \\%machinedomain%\netlogon\%AuditPolicyTxt% so using previous cached copy>> %ApplyAuditPolicyLog%
) else (
    echo Copied \\%machinedomain%\netlogon\%AuditPolicyTxt% to %systemroot%\temp >> %ApplyAuditPolicyLog%
)

REM ###################################################
REM Apply Policy
REM ###################################################

%systemroot%\system32\auditpol.exe /restore /file:%systemroot%\temp\%AuditPolicyTxt%
if %ERRORLEVEL% NEQ 0 (
    Failed to apply audit settings >> %ApplyAuditPolicyLog%
) else (
    echo Successfully applied audit settings >> %ApplyAuditPolicyLog%
)

㹡����:�� ԡ�ѹ�֡.
㹡���ѹ�֡�繪�Դ��ͧ ��ԡ����:ApplyAuditPolicy.cmd㹡������ͧ ��Ǥ�ԡ�ѹ�֡.

Copy the AuditPolicy.cmd script and the ApplyAuditPolicy.cmd script to the Netlogon share of the domain controller that holds the PDC emulator role in the domain.
Wait until Active Directory replication occurs. Also, wait until the files and folders in the system volume (SYSVOL) shared folder replicate on domain controllers in the domain.
Add the startup script to the Default Domain Policy. ��ӵ��鹵͹��仹��::
1. ��ͧ��ͷ��ͧ��á��շ��ҹ��Ф��
2. ��ԡ��DomainName�� ԡ�س��ѵ�.
3. ��ԡ����º�¡���� ԡ��º���� ԡ��. The Group Policy Object Editor tool starts.
4. ����á�˹��Ҥ������õ�駤�� windows�� ԡʤ�Ի�� (/ �Դ��ͧ��Ѻ��).
5. ��ԡ�ͧ������ ԡadd.
6. 㹡����ʤ�Ի��box, type the universal naming convention (UNC) path of the AuditPolicy.cmd file that is located in the Netlogon share. Use the following format:
  \\FullyQualifiedDomainName\Netlogon\AuditPolicy.cmd
  ��ҧ�� \\contoso.com\netlogon\auditpolicy.cmd.
7. ��ԡ��ŧ�ͧ��

Step 3: Verify that the security auditing settings are successfully applied

Wait until Active Directory replication occurs. Also, wait until the files and folders in the system volume (SYSVOL) shared folder replicate on domain controllers in the domain.
Restart a computer that is joined to the domain. Then, log on to the computer as a user who has administrator credentials.
��ԡ��÷ӧҹ��价������ ԡ��.
��ԡ����Ѻ���� ԡ��¡��㹰ҹм��.
㹡����äǺ��ѭ�ռ����ͧ��ͺ ��ԡ��Թ��õ��.
��÷Ѵ��仹��Ѻ�� С� enter:
auditpol /get /category: *
��Ǩ�ͺ�� 駤�ҡ�õ�Ǩ�ͺ��ʹ��·��ʴ��觵ç�Ѻ��õ�駤�ҷ��˹�� AuditPolicy.txt ��س��ҧ�� "��鹵͹�� 1: ��˹��ʹ��Ѻ��õ�Ǩ�ͺ��õ�駤�ҷ��س��ͧ��û�Ѻ�� Windows �� Vista �� Windows Server 2008 �� "

��ա�õ�駤�ҡ�õ�Ǩ�ͺ��ʹ��ç�Ѻ ��Ǩ�ͺ��ѹ�֡��ҧ�� ʤ�Ի�� %SystemRoot%\Temp ��ѹ�֡�� %SystemRoot%\Temp ��Ǩ�ͺ��ʹ��˵��'��º�¡��'��

��Ѻ仴�ҹ�� | ��ʹ��

��ҧ�ԧ

��Ѻ��ǡѺ�Ըա�á�˹��ҹʤ�Ի�� Active Directory ��价��䫵��仹��ͧ Microsoft:

http://technet2.microsoft.com/WindowsServer/en/Library/dcaa775e-0012-4e43-8e68-a31b32b4241f1033.mspx?mfr=true

(http://technet2.microsoft.com/WindowsServer/en/Library/dcaa775e-0012-4e43-8e68-a31b32b4241f1033.mspx?mfr=true)

http://technet2.microsoft.com/WindowsServer/en/Library/65aa4e48-8b1f-42bc-b20f-64f67367dadc1033.mspx?mfr=true

(http://technet2.microsoft.com/WindowsServer/en/Library/65aa4e48-8b1f-42bc-b20f-64f67367dadc1033.mspx?mfr=true)

��Ѻ��ǡѺ�͹�š�èѴ��ù�º�¡�� 价��䫵��仹��ͧ Microsoft:

http://technet2.microsoft.com/WindowsServer/en/Library/7a0aaa61-5152-4489-86c9-b083b22b21731033.mspx?mfr=true

(http://technet2.microsoft.com/WindowsServer/en/Library/7a0aaa61-5152-4489-86c9-b083b22b21731033.mspx?mfr=true)

For more information about the Auditpol.exe command-line tool and the Schtasks.exe command-line tool, see Windows Vista Help and Support.

��Ѻ仴�ҹ�� | ��ʹ��

�س��ѵ�

��Ţ�� (Article ID): 921469 - ��Ǥ��ش��: 16 ��Ҥ� 2554 - Revision: 4.0

��Ѻ

Windows Vista Ultimate
Windows Vista Business
Windows Vista Enterprise
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Server 2008 Datacenter

kbexpertiseinter kbhowto kbinfo kbmt KB921469 KbMtth

��¤��

��Ӥѭ: ��«Ϳ��Ŵ��¤��ͧ Microsoft ᷹��繹ѡ�ŷ��繺ؤ�� Microsoft �պ��¹ѡ��к��Ŵ��¤�� س��ö��Ҷ֧��㹰ҹ��ͧ�� Ңͧ�س�ͧ ��ҧ�á�� Ŵ��¤��Ҩ�բ�ͺ��ͧ ��Ҩ�բ�ͼԴ��Ҵ㹤��Ѿ�� ٻẺ��ҡó� ��ǡѺ�óշ��ǵ�ҧ�ҵԾٴ�Դ��;ٴ��Ңͧ�س Microsoft ��ǹ�Ѻ�Դ�ͺ��ͤ��Ҵ��͹ ��Դ��Ҵ��ͤ��·��Դ�ҡ��ҼԴ��Ҵ ��͡��麷�Ţͧ�١�� Microsoft �ա�û�Ѻ��ا�Ϳ��Ŵ��¤��繻�Ш�

��仹��繩�Ѻ��ѧ��ɢͧ��:921469

(http://support.microsoft.com/kb/921469/en-us/ )

��Ѻ仴�ҹ�� | ��ʹ��