Configure local audit policies with Secedit.exe

Source: Internet
Author: User
There is nothing technically difficult in this code; it simply turns an operation normally done in the graphical interface into a command line.


Code (SAMTOOL.BAT):


@echo off
rem An action switch (%1) and its argument (%2) are both required.
if {%1}=={} goto :help
if {%2}=={} goto :help

rem Remove leftovers from a previous run.
if exist samtool.sdb erase samtool.sdb /q
if exist samtool.inf erase samtool.inf /q
if exist samtool.log erase samtool.log /q

rem -b: export the current security configuration to the INF file named in %2.
if /i {%1}=={-b} secedit /export /cfg %2 /log samtool.log /quiet

rem -r: apply the configuration stored in the INF file named in %2.
if /i {%1}=={-r} secedit /configure /db samtool.sdb /cfg %2 /log samtool.log /quiet

rem -o: build a minimal INF holding the selected audit categories and apply it.
rem The value in %4 must be exactly one digit 0-3, otherwise the help is shown.
if /i {%1}=={-o} (
if {%4}=={} goto :help
if /i not {%3}=={-p} goto :help

echo %4 | findstr /r /c:"^[0-3] *$" >nul || goto :help

rem pushd %windir%\system32\
echo.[Version] >>samtool.inf
echo.signature="$CHICAGO$" >>samtool.inf
echo.[Event Audit] >>samtool.inf

 echo.%2 | findstr /i "d" >nul && echo.AuditDSAccess=%4 >>samtool.inf
 echo.%2 | findstr /i "e" >nul && echo.AuditLogonEvents=%4 >>samtool.inf
 echo.%2 | findstr /i "s" >nul && echo.AuditSystemEvents=%4 >>samtool.inf
 echo.%2 | findstr /i "o" >nul && echo.AuditObjectAccess=%4 >>samtool.inf
 echo.%2 | findstr /i "u" >nul && echo.AuditPrivilegeUse=%4 >>samtool.inf
 echo.%2 | findstr /i "c" >nul && echo.AuditPolicyChange=%4 >>samtool.inf
 echo.%2 | findstr /i "l" >nul && echo.AuditAccountLogon=%4 >>samtool.inf
 echo.%2 | findstr /i "m" >nul && echo.AuditAccountManage=%4 >>samtool.inf
 echo.%2 | findstr /i "p" >nul && echo.AuditProcessTracking=%4 >>samtool.inf

if /i {%2}=={a} (
echo.AuditDSAccess=%4 >>samtool.inf
echo.AuditLogonEvents=%4 >>samtool.inf
echo.AuditSystemEvents=%4 >>samtool.inf
echo.AuditObjectAccess=%4 >>samtool.inf
echo.AuditPrivilegeUse=%4 >>samtool.inf
echo.AuditPolicyChange=%4 >>samtool.inf
echo.AuditAccountLogon=%4 >>samtool.inf
echo.AuditAccountManage=%4 >>samtool.inf
echo.AuditProcessTracking=%4 >>samtool.inf
)
secedit /configure /db samtool.sdb /cfg samtool.inf /log samtool.log /quiet
)

rem -v is the third argument with -b or -r and the fifth with -o.
if /i {%3}=={-v} type samtool.log
if /i {%5}=={-v} type samtool.log

rem Clean up the temporary database, template and log.
if exist samtool.sdb erase samtool.sdb /q
if exist samtool.inf erase samtool.inf /q
if exist samtool.log erase samtool.log /q

exit /b

:help
cls
echo.System Audit Strategy Manage Tool. (C) Copyright 2013 enun-net.
echo.
echo.Usage: samtool -b^|r [drive:][path][filename] -o options -p parameters -v
echo.
echo.  -b  Back up the current configuration to the specified INF file.
echo.  -r  Restore the configuration from an INF file.
echo.  -o  Options ^(multiple allowed^):
echo.        d: Directory service access
echo.        e: Logon events
echo.        s: System events
echo.        o: Object access
echo.        u: Privilege use
echo.        c: Policy change
echo.        l: Account logon
echo.        m: Account management
echo.        p: Process tracking
echo.        a: All audit categories
echo.  -p  Parameters:
echo.        0: Don't audit
echo.        1: Audit success only
echo.        2: Audit failure only
echo.        3: Audit all ^(success and failure^)
echo.  -v  Show detailed results.
echo.
echo.Example: samtool -o ec -p 0 -v
echo.         samtool -b c:\myconfig.inf -v
exit /b



For example, samtool -o ec -p 1 -v configures the audit policy as follows: audit policy change (success), audit logon events (success), and displays the detailed output.
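To confirm what a run actually left in place, the INF written by the -b option can be checked offline. The following is an added example, not part of the original script: it parses the [Event Audit] section and reports every category that falls short of a baseline. The baseline values and the sample file content are constructed for illustration.

```python
# Added example: review an exported secedit INF against a hypothetical baseline.
MEANING = {0: "no auditing", 1: "success only", 2: "failure only", 3: "success and failure"}

# Hypothetical baseline: minimum required setting per [Event Audit] key.
BASELINE = {"AuditLogonEvents": 3, "AuditPolicyChange": 1,
            "AuditAccountLogon": 3, "AuditPrivilegeUse": 2}

# Constructed sample: the "-o ec -p 1" result plus one out-of-range, hand-edited value.
SAMPLE = b"""[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditPolicyChange = 1
AuditAccountLogon = 13
[Version]
signature="$CHICAGO$"
"""

def decode_inf(raw):
    """secedit /export normally writes UTF-16 with a BOM; echo-built files are ANSI."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def parse_event_audit(text):
    """Return {lower-cased key: raw value string} for the [Event Audit] section."""
    section, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "event audit" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values

def check(text, baseline=BASELINE):
    """Return (key, current, required) for every key that falls short of the baseline."""
    current, findings = parse_event_audit(text), []
    for key, want in baseline.items():
        raw = current.get(key.lower())
        if raw is None:
            findings.append((key, "not defined", MEANING[want]))
        elif raw not in ("0", "1", "2", "3"):
            findings.append((key, "invalid value " + raw, MEANING[want]))
        elif (int(raw) & want) != want:  # value 1 = success bit, value 2 = failure bit
            findings.append((key, MEANING[int(raw)], MEANING[want]))
    return findings

if __name__ == "__main__":
    for key, have, need in check(decode_inf(SAMPLE)):
        print(f"{key}: {have} (baseline requires {need})")
```

A setting passes when it includes every bit the baseline requires, so a value of 3 satisfies a baseline of 1 or 2.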

Original: https://www.enun.net/?p=2339
