Skip to main content
NetApp Knowledge Base

Can GPO change CIFS audit settings?

Views:
103
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • CIFS Vserver configured to use GPO

Answer

Group Policy Object (GPO) can make modifications to CIFS audit settings. 

Additional Information

  • Group Policy Object (GPO) can be configured to modify a limited amount of CIFS audit settings. 
  • To configure, in the GPO editor, under Security settings, the following options are available:
    • Audit policy and event log
      • Specifies the type of logon events to be audited, including the following settings:
        • Do not audit
        • Audit only success events
        • Audit on failure events
        • Audit both success and failure events
      • Set by using the Audit logon events setting in the Local Policies/Audit Policy GPO.
If any of the three audit options are set (audit only success events, audit only failure events, audit both success and failure events), ONTAP audits both success and failure events.
  • Audit object access
  • Specifies the type of object access to be audited, including the following settings:
    • Do not audit
    • Audit only success events
    • Audit on failure events
    • Audit both success and failure events
  • Set by using the Audit object access setting in the Local Policies/Audit Policy GPO.
If any of the three audit options are set (audit only success events, audit only failure events, audit both success and failure events), ONTAP audits both success and failure events.
  • Log retention method
  • Specifies the audit log retention method, including the following settings
    • Overwrite the event log when size of the log file exceeds the maximum log size
    • Do not overwrite the event log (clear log manually)
  • Maximum log size
    • Specifies the maximum size of the audit log.
    • Set by using the Maximum security log size setting in the Event Log GPO.
To use audit policy and event log GPO settings, auditing must be configured on the CIFS-enabled SVM to which you want to apply these setting. If auditing is not configured on the SVM, the GPO settings will not be applied and will be dropped.