Configuring and applying audit policies to NTFS files and folders using the CLI

There are several steps you must perform to apply audit policies to NTFS files and folders when using the ONTAP CLI. First, you create an NTFS security descriptor and add SACLs to the security descriptor. Next you create a security policy and add policy tasks. You then apply the security policy to a storage virtual machine (SVM).

About this task

After applying the security policy, you can monitor the security policy job and then verify the settings for the applied audit policy.
Note: When an audit policy and associated SACLs are applied, any existing DACLs are overwritten. You should review existing security policies before creating and applying new ones.
  1. Creating an NTFS security descriptor
    Creating an NTFS security descriptor audit policy is the first step in configuring and applying NTFS access control lists (ACLs) to files and folders residing within SVMs. You will associate the security descriptor to the file or folder path in a policy task.
  2. Adding NTFS SACL access control entries to the NTFS security descriptor
    Adding SACL (system access control list) access control entries (ACEs) to the NTFS security descriptor is the second step in creating NTFS audit policies for files or folders in SVMs. Each entry identifies the user or group that you want to audit. The SACL entry defines whether you want to audit successful or failed access attempts.
  3. Creating security policies
    Creating an audit policy for storage virtual machines (SVMs) is the third step in configuring and applying ACLs to a file or folder. A policy acts as a container for various tasks, where each task is a single entry that can be applied to files or folders. You can add tasks to the security policy later.
  4. Adding a task to the security policy
    Creating and adding a policy task to a security policy is the fourth step in configuring and applying ACLs to files or folders in SVMs. When you create the policy task, you associate the task with a security policy. You can add one or more task entries to a security policy.
  5. Applying security policies
    Applying an audit policy to SVMs is the last step in creating and applying NTFS ACLs to files or folders.
  6. Monitoring the security policy job
    When applying the security policy to storage virtual machines (SVMs), you can monitor the progress of the task by monitoring the security policy job. This is helpful if you want to ascertain that the application of the security policy succeeded. This is also helpful if you have a long-running job where you are applying bulk security to a large number of files and folders.
  7. Verifying the applied audit policy
    You can verify the audit policy to confirm that the files or folders on the storage virtual machine (SVM) to which you applied the security policy have the desired audit security settings.
Parent topic: Managing NTFS file security, NTFS audit policies, and Storage-Level Access Guard on SVMs using the CLI
Related concepts
Related tasks
Related information
Copyright © 1994-2021, NetApp, Inc. All rights reserved.
Part number: 215-11156_2021-06_en-us
June 2021
Updated for ONTAP 9.9.1