Registry Key Auditing

  • Thread starter Thread starter Ed Rauscher
  • Start date Start date
E

Ed Rauscher

Does ayone know what Class is used to enable Registry Auditing? Any help
would be great.
 
I am not aware of any class in the FCL which can help you do that directly,
but you can use the auditing provided by Windows itself, which is very
comprehensive. I suppose, you can enable auditing as a group policy and
configure the specific registry keys you want to audit to enable
access/delete etc. Audit actions are logged into the security event log
which you can monitor using conventional EntryWritten event of the EventLog
class. This is one round-about way I can think of..
 
Thanks for the info, but I am looking to automate this through VB.Net or
something simular, and not through Group Policy. By enabling it through
Group Policy you would have to let Group Policy manage your Registry
permissions as well, and this is something my company does not want it to
manage. Thanks again for the info though

- ETR

Manoj G said:
I am not aware of any class in the FCL which can help you do that directly,
but you can use the auditing provided by Windows itself, which is very
comprehensive. I suppose, you can enable auditing as a group policy and
configure the specific registry keys you want to audit to enable
access/delete etc. Audit actions are logged into the security event log
which you can monitor using conventional EntryWritten event of the EventLog
class. This is one round-about way I can think of..

--
Manoj G [.NET MVP]
Site: http://www15.brinkster.com/manoj4dotnet
Blog: http://msmvps.com/manoj/

Ed Rauscher said:
Does ayone know what Class is used to enable Registry Auditing? Any help
would be great.
Click to expand...
Click to expand...
 
Back
Top