wntAuditAdd and MS Windows NT Security Configuration Editor Patch
Keywords: wntAuditAdd Windows NT Security Configuration Editor patch
Question:
I am using the function wntauditadd to add audit functionality to a shared directory on an
NT 4.0 system with service pack 4 (also tested with SP5). I set the audits I wanted to
collect on the directory and used wntauditget to capture the values to use in the wntauditadd
function call. When I run the wbt with the wntauditadd function call it runs but when I go
into NT security properties on the directory I get an error: "The security information for
C:\transfer is not standard and cannot be displayed. Windows NT 3.x and 4.x support certain
features such as Deny Access Control Entries but cannot edit security information which uses
these features. The information may have been modified by a computer running Windows NT 5.0,
which supports these features and can edit information which uses them. Do you want to overwrite
the current security information?"
What am I doing wrong. I want to audit read/write/delete of files in the c:\transfer directory.
Answer:
Try doing a wntAuditGet after the wntAuditAdd, and see if it
comes back identical to the previous result (from when you set them
manually). Also, how about wntAccessAdd? Does it work properly?
Resolution:
Yes the values come back identical and when looking in the security logs in event viewer
the audit appears to work.
I think I have found the problem! The audit information appears correctly on a machine that
is running the Windows NT Security Configuration Editor patch from Microsoft that allows
using the MMC on a Windows NT 4.0 machine to set permissions and audits. It contains different
auditing combinations than does NT 4.0 with the service packs. Although you cannot look at the
settings without the upgrade the audit functions as expected.
Article ID: W14476
Filename: wntAuditAdd and MS Patch.txt
File Created: 2000:03:27:18:12:56
Last Updated: 2000:03:27:18:12:56