You need to generate an audit event whenever Admin1 is denied access to a file or folder

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?

A.
auditpol.exe /set /userradmin1 /failure:enable

B.
auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable

C.
auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure

D.
auditpol.exe /resourcesacl /set /type:key /user:admin1 /failure /access:ga

Explanation:

To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and
write functions on files or folders:
auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW
http://technet.microsoft.com/en-us/library/ff625687.aspx

Syntax
auditpol /resourceSACL
[/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]]
[/remove /type:<resource> /user:<user> [/type:<resource>]]
[/clear [/type:<resource>]]
[/view [/user:<user>] [/type:<resource>]]
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
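
An added example, not part of the original page: a PowerShell sequence for an elevated prompt that applies the explanation's /resourceSACL command for failed access by Admin1, then checks the result. It assumes that the "File System" audit subcategory must also log failures before any SACL produces events, and that denied opens are recorded as Audit Failure event 4656 in the Security log; the exit-code checks stop the script if the server rejects a command.

```powershell
# Added example (not from the original page). Run elevated on Server1.
# 'Admin1' is the local account named in the question.
$user = 'Admin1'

# 1. Assumption: object-access auditing for the file system has to log
#    failures, otherwise a SACL (global or per-object) generates nothing.
auditpol.exe /set /subcategory:"File System" /failure:enable
if ($LASTEXITCODE -ne 0) {
    throw "Enabling File System failure auditing failed (exit code $LASTEXITCODE)"
}

# 2. Global resource SACL for files and folders, failures only.
#    /access is optional in the syntax shown above; FRFW (generic read and
#    write) is the value used in the explanation's own example.
auditpol.exe /resourceSACL /set /type:File "/user:$user" /failure /access:FRFW
if ($LASTEXITCODE -ne 0) {
    throw "Setting the global resource SACL failed (exit code $LASTEXITCODE)"
}

# 3. Show what is now in effect so the change can be reviewed.
auditpol.exe /get /subcategory:"File System"
auditpol.exe /resourceSACL /view /type:File

# 4. After Admin1 has been denied access to a file or folder, list the
#    matching events. 4503599627370496 is the Audit Failure keyword mask;
#    4656 is assumed to be the event logged for a denied handle request.
$filter = @{
    LogName  = 'Security'
    Id       = 4656
    Keywords = 4503599627370496
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($user) }

if ($events) {
    $events | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize
} else {
    Write-Warning "No Audit Failure 4656 events mentioning $user were found yet."
}
```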



Grifter

The specified machine is 2012 R2; the answer is B.

/resourceSACL Configures global resource system access control lists (SACLs).
Applies only to Windows 7 and Windows Server 2008 R2.

https://technet.microsoft.com/en-us/library/Cc731451.aspx

Rada

That page is dated btw and in the Windows 2012 R2 70-411 book, it’s still provided in the list of commands. Have you tried it yourself?

kurt

It appears to be C. However, what is interesting is that this is configuring auditing at the file/folder level. You could do this via the Advanced button on the Security tab.
This won't do anything unless you have configured auditing of object access via the traditional or advanced audit policies FIRST.

kitz

The ResourceSACL flag is only used for Server 2008 and Windows 7. Every TechNet link that has been posted even states this.
The question states the server is Server 2012, limiting the answer to either A or B.

Assuming the flag is correctly typed in the question (/userradmin1 should be /user:admin1),
the ‘Detailed Tracking’ category is to monitor individual applications, services, RPC events. Not folders.

So that would leave A as my answer.