利用 secedit.exe 配置本地审核策略

代码（samtool.bat）：

if exist SAMTool.sdb erase SAMTool.sdb /q
if exist SAMTool.inf erase SAMTool.inf /q
if exist SAMTool.log erase SAMTool.log /q

if {%1} == {-b} secedit /export /cfg %2 /log SAMTool.log /quiet

if {%1} == {-r} secedit /configure /db SAMTool.sdb /cfg %2 /log SAMTool.log /quiet

if {%1} == {-o} (
 if {%4} == {}       goto :help
 if not {%3} == {-p} goto :help

 echo %4 | findstr "[0-3]" >nul || goto :help

 rem pushd %windir%/system32/
 echo.[version]       >>SAMTool.inf
 echo.signature="$CHICAGO$"    >>SAMTool.inf
 echo.[Event Audit]      >>SAMTool.inf

 echo.%2 | findstr "D" >nul && echo.AuditDSAccess=%4   >>SAMTool.inf
 echo.%2 | findstr "E" >nul && echo.AuditLogonEvents=%4  >>SAMTool.inf
 echo.%2 | findstr "S" >nul && echo.AuditSystemEvents=%4  >>SAMTool.inf
 echo.%2 | findstr "O" >nul && echo.AuditObjectAccess=%4  >>SAMTool.inf
 echo.%2 | findstr "U" >nul && echo.AuditPrivilegeUse=%4  >>SAMTool.inf
 echo.%2 | findstr "C" >nul && echo.AuditPolicyChange=%4  >>SAMTool.inf
 echo.%2 | findstr "L" >nul && echo.AuditAccountLogon=%4  >>SAMTool.inf
 echo.%2 | findstr "M" >nul && echo.AuditAccountManage=%4  >>SAMTool.inf
 echo.%2 | findstr "P" >nul && echo.AuditProcessTracking=%4 >>SAMTool.inf

 if {%2} == {A} (
  echo.AuditDSAccess=%4     >>SAMTool.inf
  echo.AuditLogonEvents=%4    >>SAMTool.inf
  echo.AuditSystemEvents=%4    >>SAMTool.inf
  echo.AuditObjectAccess=%4    >>SAMTool.inf
  echo.AuditPrivilegeUse=%4    >>SAMTool.inf
  echo.AuditPolicyChange=%4    >>SAMTool.inf
  echo.AuditAccountLogon=%4    >>SAMTool.inf
  echo.AuditAccountManage=%4    >>SAMTool.inf
  echo.AuditProcessTracking=%4   >>SAMTool.inf
 )
 secedit /configure /db SAMTool.sdb /cfg SAMTool.inf /log SAMTool.log /quiet
)

if {%3} == {-v} type SAMTool.log
if {%5} == {-v} type SAMTool.log

if exist SAMTool.sdb erase SAMTool.sdb /q
if exist SAMTool.inf erase SAMTool.inf /q
if exist SAMTool.log erase SAMTool.log /q

发表评论 共有条评论 用户名: 密码: 验证码: 匿名发表