1. Create a new security policy file, samtool.inf:
md c:\samlog & echo [Version] >c:\samlog\samtool.inf & echo signature="$CHICAGO$" >>c:\samlog\samtool.inf & echo [Event Audit] >>c:\samlog\samtool.inf & echo auditsystemevents=3 >>c:\samlog\samtool.inf & echo auditlogonevents=3 >>c:\samlog\samtool.inf & echo auditobjectaccess=3 >>c:\samlog\samtool.inf & echo auditprivilegeuse=3 >>c:\samlog\samtool.inf & echo auditpolicychange=3 >>c:\samlog\samtool.inf & echo auditaccountmanage=3 >>c:\samlog\samtool.inf & echo auditprocesstracking=3 >>c:\samlog\samtool.inf & echo auditdsaccess=3 >>c:\samlog\samtool.inf & echo auditaccountlogon=3 >>c:\samlog\samtool.inf
2. Import the security policy file:
secedit /configure /db c:\samlog\samtool.sdb /cfg c:\samlog\samtool.inf /log c:\samlog\samtool.log /quiet & rd /s /q c:\samlog
To view the result, run gpedit.msc and open Computer Configuration -- Windows Settings -- Security Settings -- Local Policies -- Audit Policy. The values in the file mean: 3: success and failure, 2: failure, 1: success, 0: not audited.
Modify the security Policy Group--Windows
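A way to check the result from the command line instead of gpedit.msc, as an added example that is not part of the original page: it parses the [Event Audit] section of a secedit export and compares each key with the value 3 that the template above sets. The function names and the sample text are constructed for illustration.

```powershell
# Added example: the nine audit keys written by samtool.inf, all expected to be 3.
$Expected = [ordered]@{
    AuditSystemEvents = 3; AuditLogonEvents = 3; AuditObjectAccess = 3
    AuditPrivilegeUse = 3; AuditPolicyChange = 3; AuditAccountManage = 3
    AuditProcessTracking = 3; AuditDSAccess = 3; AuditAccountLogon = 3
}
$Meaning = @{ 0 = 'not audited'; 1 = 'success'; 2 = 'failure'; 3 = 'success and failure' }

# Hypothetical helper: return key/value pairs found under [Event Audit].
function Get-EventAuditSection {
    param([string[]]$Lines)
    $values = @{}
    $inSection = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Event Audit'); continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(\d+)$') {
            $values[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $values
}

# Hypothetical helper: one row per expected key, flagging missing or weaker settings.
function Compare-AuditPolicy {
    param([string[]]$Lines)
    $actual = Get-EventAuditSection -Lines $Lines
    foreach ($key in $Expected.Keys) {
        $have = if ($actual.ContainsKey($key)) { $actual[$key] } else { $null }
        [pscustomobject]@{
            Setting = $key
            Value   = $have
            Meaning = if ($null -ne $have) { $Meaning[$have] } else { 'missing from export' }
            OK      = ($have -eq $Expected[$key])
        }
    }
}

# Constructed sample export: two keys weaker than the template, one key absent.
$sample = @'
[Version]
signature="$CHICAGO$"
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 3
AuditAccountLogon = 3
'@ -split "`r?`n"

Compare-AuditPolicy -Lines $sample | Format-Table -AutoSize
```

On a real host, run `secedit /export /cfg "$env:TEMP\current.inf" /areas SECURITYPOLICY` from an elevated prompt and pass `(Get-Content "$env:TEMP\current.inf")` as `-Lines` in place of the sample.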