Setting audit policy on any Windows version

2

Is it possible to set an object audit policy on any version of Windows? I can do it on Enterprise, but wanted to know if it was possible on Home Premium (or any version of Windows without group policy). I want to log when files are successfully accessed, and what process accessed them.

I set the Audit policy to a folder, by the Audit tab, but I see no logs regarding file activity (under Security in Event Viewer). It seems like unless enabling Object Access in Group Policy, nothing gets logged. Yet, there's an Audit tab in versions not Professional (or higher)?

user287848

Posted 2015-12-14T19:16:25.170

Reputation: 23

You can install gpedit.msc on Windows Starter Edition, Home and Home Premium. See my answer to Windows 7 (Home Premium): eventvwr.exe: How to log workstation locking and unlocking and screensaver invoked and dismissed events for instructions.

– DavidPostill – 2015-12-14T21:45:16.777

I never thought to ask "how do i use gpedit on non-pro versions" because it legitimately sounds stupid. Apparently you can. Thanks that looks very promising. – user287848 – 2015-12-14T21:53:47.947

Please post your comment as an answer, so I can mark it. I used the link you provided, and found the installer. I wanted to break it down, so I discovered all files were copied to C:\Windows\Temp (not sure why there). I copied everything to another folder, and could run it without the installer. So it seems gpedit works as long as all other needed files are in the same directory. – user287848 – 2015-12-14T22:10:05.207

Done. I'm happy it worked for you. – DavidPostill – 2015-12-14T23:10:14.527

Answers

0

Is it possible to set an object audit policy on any version of Windows?

Yes it is. You can install gpedit.msc on Windows Starter Edition, Home and Home Premium.

How do I install gpedit.msc on Windows Starter Edition, Home and Home Premium?

I used the following procedure to successfully install gpedit.msc on Windows 7 64 bit Home Premium.

It apparently works on Windows 8 and Windows 8.1 as well.

UPDATE: According to some readers, this tool also works fine in Windows 8 and Windows 8.1.

Today we are going to share a simple installer which installs the required system files in Windows so that you can enjoy Group Policy Editor in all Windows 7 editions.

  1. First download the setup file using following link:

    [Download Group Policy Editor Installer][3]

    You'll find the download link in right-side section of the above mentioned page.

  2. After downloading the ZIP file, extract it using WinRAR or 7-Zip.

  3. Run the extracted setup.exe file.

    It will install the files and you'll be able to access gpedit.msc command via RUN or Start Menu search box.

Note:

  • For Windows 7 64-bit (x64) users! You'll also need to go to "SysWOW64" folder present in "C:\Windows" folder and copy "GroupPolicy", "GroupPolicyUsers" folders and gpedit.msc file from there and paste them in "C:\Windows\System32" folder.

If you are getting "MMC could not create the snap-in" error message while running gpedit.msc, check out following steps to fix the problem. Basically it happens when your username in Windows contains more than one word.

  1. Run the installer and leave it at the last step (do not click on the "Finish" button).

  2. Now go to C:\Windows\Temp\gpedit\ folder.

  3. If you are running 32-bit (x86) edition of Windows 7, right-click on x86.bat file and choose "Open With -> Notepad" option. If you are running 64-bit (x64) edition of Windows 7, right-click on x64.bat file and choose "Open With -> Notepad" option.

  4. You'll find a total of 6 lines containing the following string in the file:

    %username%:f

  5. Edit those lines and replace %username%:f with "%username%":f

    Original: icacls %WinDir%\SysWOW64\gpedit.dll /grant:r %username%:f

    New: icacls %WinDir%\SysWOW64\gpedit.dll /grant:r "%username%":f

  6. Save and run the file (right-click -> Run as Administrator).

  7. That's it. You'll have working gpedit.msc.

Source How to Enable "Group Policy Editor" (gpedit.msc) in Windows 7 Home Premium, Home Basic and Starter Editions?

DavidPostill

Posted 2015-12-14T19:16:25.170

Reputation: 118 938

0

This works on Windows 10 (Home) without any additional software or system modification.

auditpol /set /subcategory:"File System" /success:enable

To check current state: auditpol /get /subcategory:"File System"

To see all audit policies: auditpol /get /category:*

To Enable (*) gpedit on Windows Home, run this in elevated CMD console:

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (

DISM /Online /NoRestart /Add-Package:"%F"

)

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (

DISM /Online /NoRestart /Add-Package:"%F"

)

from: https://www.techspot.com/guides/1719-group-policy-editor-windows-home/

(*) by Enable understand: Add from Packages already present in the system

papo

Posted 2015-12-14T19:16:25.170

Reputation: 351

Asked: 2015-12-14T19:16:25.170

Viewed: 441 times

Active: 2019-07-17T00:12:01.020