Skip to main content
NetApp Knowledge Base

Can GPO change CIFS audit settings?

Views:
281
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS Vserver configured to use GPO

Answer

Group Policy Object (GPO) can make modifications to CIFS audit settings. 

Additional Information

  • Group Policy Object (GPO) can be configured to modify a limited amount of CIFS audit settings. 
  • To configure, in the GPO editor, under Security settings, the following options are available:
    • Audit policy and event log
      • Specifies the type of logon events to be audited, including the following settings:
        • Do not audit
        • Audit only success events
        • Audit on failure events
        • Audit both success and failure events
      • Set by using the Audit logon events setting in the Local Policies/Audit Policy GPO.
If any of the three audit options are set (audit only success events, audit only failure events, audit both success and failure events), ONTAP audits both success and failure events.
  • Audit object access
  • Specifies the type of object access to be audited, including the following settings:
    • Do not audit
    • Audit only success events
    • Audit on failure events
    • Audit both success and failure events
  • Set by using the Audit object access setting in the Local Policies/Audit Policy GPO.
If any of the three audit options are set (audit only success events, audit only failure events, audit both success and failure events), ONTAP audits both success and failure events.
  • Log retention method
  • Specifies the audit log retention method, including the following settings
    • Overwrite the event log when size of the log file exceeds the maximum log size
    • Do not overwrite the event log (clear log manually)
  • Maximum log size
    • Specifies the maximum size of the audit log.
    • Set by using the Maximum security log size setting in the Event Log GPO.
To use audit policy and event log GPO settings, auditing must be configured on the CIFS-enabled SVM to which you want to apply these setting. If auditing is not configured on the SVM, the GPO settings will not be applied and will be dropped.

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.