Меню

Access logs windows 10

Log Files

You can use User State Migration Tool (USMT)В 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue.

Log Command-Line Options

The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains.

/l[Path]FileName

Scanstate.log or LoadState.log

Specifies the path and file name of the ScanState.log or LoadState log.

/progress[Path]FileName

Specifies the path and file name of the Progress log.

Provides information about the status of the migration, by percentage complete.

/v[VerbosityLevel]

See the «Monitoring Options» section in ScanState Syntax.

/listfiles[Path]FileName

Specifies the path and file name of the Listfiles log.

Provides a list of the files that were migrated.

Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.

The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.

NoteВ В You cannot store any of the log files in StorePath. If you do, the log will be overwritten when USMT is run.

ScanState and LoadState Logs

ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in ScanState Syntax.

Progress Log

You can create a progress log using the /progress option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows:

Date: Date, in the format of day shortNameOfTheMonth year. For example: 08 Jun 2006.

Local time: Time, in the format of hrs:minutes:seconds (using a 24-hour clock). For example: 13:49:13.

Migration time: Duration of time that USMT was run, in the format of hrs:minutes:seconds. For example: 00:00:10.

The remaining fields are key/value pairs as indicated in the following table.

ScanState.exe or LoadState.exe.

The full product version number of USMT.

The name of the source or destination computer on which USMT was run.

The full command used to run USMT.

Reports that a new phase in the migration is starting. This can be one of the following:

For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.

For the LoadState tool, these are the users USMT detected in the store that can be migrated.

Defines whether the user profile/component is included for migration. Valid values are Yes or No.

Specifies either of the following:

The user state being migrated.

This Computer, meaning files and settings that are not associated with a user.

Specifies a component detected by USMT.

For ScanState, this is a component or application that is installed on the source computer.

For LoadState, this is a component or application that was detected in the store.

Total size of the files and settings to migrate in megabytes (MB).

Total percentage of the migration that has been completed by either ScanState or LoadState.

Specifies which user ScanState is collecting files and settings for.

Time estimate, in minutes, for the migration to complete.

Type of non-fatal error that occurred. This can be one of the following:

UnableToCopy: Unable to copy to store because the disk on which the store is located is full.

UnableToOpen: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.

UnableToCopyCatalog: Unable to copy because the store is corrupted.

UnableToAccessDevice: Unable to access the device.

UnableToApply: Unable to apply the setting to the destination computer.

The name of the file or setting that caused the non-fatal error.

Action taken by USMT for the non-fatal error. The values are:

Ignore: Non-fatal error ignored and the migration continued because the /c option was specified on the command line.

Abort: Stopped the migration because the /c option was not specified.

The errorCode or return value.

The total number of non-fatal errors that USMT ignored.

The message corresponding to the errorCode.

List Files Log

The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe.

Diagnostic Log

You can obtain the diagnostic log by setting the environment variable MIG_ENABLE_DIAG to a path to an XML file.

The diagnostic log contains:

Detailed system environment information

Detailed user environment information

Information about the migration units (migunits) being gathered and their contents

Using the Diagnostic Log

The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files.

The following examples describe common scenarios in which you can use the diagnostic log.

Why is this file not migrating when I authored an «include» rule for it?

Let’s imagine that we have the following directory structure and that we want the «data» directory to be included in the migration along with the «New Text Document.txt» file in the «New Folder.» The directory of C:\data contains:

The directory of C:\data\New Folder contains:

To migrate these files you author the following migration XML:

However, upon testing the migration you notice that the «New Text Document.txt» file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG_ENABLE_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component «DATA1», the following XML section is discovered:

Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The

section details the actual files that were scheduled for gathering and the result of the gathering operation. The «New Text Document.txt» file doesn’t appear in this section, which confirms that the migration rule was not correctly authored.

An analysis of the XML elements reference topic reveals that the

tag needs to be modified as follows:

When the migration is preformed again with the modified tag, the diagnostic log reveals the following:

This diagnostic log confirms that the modified

value enables the migration of the file.

Why is this file migrating when I authored an exclude rule excluding it?

In this scenario, you have the following directory structure and you want all files in the «data» directory to migrate, except for text files. The C:\Data folder contains:

The C:\Data\New Folder\ contains:

You author the following migration XML:

However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG_ENABLE_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component «DATA1», the following XML section is discovered:

Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows:

Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log:

Источник статьи: http://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-log-files

Manage auditing and security log

Describes the best practices, location, values, policy management, and security considerations for the Manage auditing and security log security policy setting.

Reference

This policy setting determines which users can specify object access audit options for individual resources such as files, Active Directory objects, and registry keys. These objects specify their system access control lists (SACL). A user who is assigned this user right can also view and clear the Security log in Event Viewer. For more info about the Object Access audit policy, see Audit object access.

Possible values

Best practices

  1. Before removing this right from a group, investigate whether applications are dependent on this right.
  2. Generally, assigning this user right to groups other than Administrators is not necessary.

Location

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Default values

By default this setting is Administrators on domain controllers and on stand-alone servers.

The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.

Command line Option File Name Description
Server type or GPO Default value
Default Domain Policy Not defined
Default Domain Controller Policy Administrators
Stand-Alone Server Default Settings Administrators
Domain Controller Effective Default Settings Administrators
Member Server Effective Default Settings Administrators
Client Computer Effective Default Settings Administrators

Policy management

This section describes features, tools, and guidance to help you manage this policy.

A restart of the computer is not required for this policy setting to be effective.

Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.

Audits for object access are not performed unless you enable them by using the Local Group Policy Editor, the Group Policy Management Console (GPMC), or the Auditpol command-line tool.

For more information about the Object Access audit policy, see Audit object access.

Group Policy

Settings are applied in the following order through a Group Policy Object (GPO), which will overwrite settings on the local computer at the next Group Policy update:

  1. Local policy settings
  2. Site policy settings
  3. Domain policy settings
  4. OU policy settings

When a local setting is greyed out, it indicates that a GPO currently controls that setting.

Security considerations

This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.

Vulnerability

Anyone with the Manage auditing and security log user right can clear the Security log to erase important evidence of unauthorized activity.

Countermeasure

Ensure that only the local Administrators group has the Manage auditing and security log user right.

Potential impact

Restricting the Manage auditing and security log user right to the local Administrators group is the default configuration.

Warning:В В If groups other than the local Administrators group have been assigned this user right, removing this user right might cause performance issues with other applications. Before removing this right from a group, investigate whether applications are dependent on this right.

Источник статьи: http://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log


Adblock
detector