Estimated time to perform these tasks: about 10 minutes.
The easiest method to run automated audits is using a scheduled task from the domain server. If you need or prefer to do so via a logon script, this tutorial is for you.
Create a folder and subfolder on a server all your users can access. Typically that would be your domain server, but it doesn't need to be.
Example: If user files are in the D: drive, create D:\ezaudit\audits. That would translate to \\servername\ezaudit\audits.
Share the folders to a Users Group all users belong to. Typically that would be Domain Users, but it doesn't have to be.
Next you run the E-Z Audit Configuration tool from the Admin Console > Tools tab.
There you can enter what you want to audit and how often as well as where to save the audits.
Put the location you just created and shared, so: \\servername\ezaudit\audits as where to run the audits from.
Save the configuration to the \\servername\ezaudit folder.
The tool will move the audit module files to the location for you.
As an advanced topic for later, you can have multiple configuration files for different purposes, but for now, all you need is the one configuration file.
Create the logon script in Group Policy .
Create a logon script for all users via Group Policy:
Fire up gpmc.msc and do the steps as shown below:
Right-click the selection as shown and select Edit:
Go to User Configuration > Policies > Scripts (Logon/Logoff). Double-click Logon.
Click Add to enter the information information as shown:
Click Apply and Ok out. That's It!
Final note: You may want to remote into the server and do a GPUPDATE/FORCE at a command prompt to jog it to life right away.
If you write your own logon scripts, use alternatives like KixTart, or your own .bat, .vbs file etc., all you need to add is to launch \\servername\ezaudit\ezstart.exe with the parameters -a -o.
Here's a VBScript example of what to add:
Set WSHShell = CreateObject("WScript.Shell")
shellthis = "\\servername\ezaudit\ezstart.exe"
'Note: don't use your server IP address like \\10.0.0.1\, use the server name
'otherwise Windows will likely show a security alert at the user's PC.
shellcmd = Chr(32) & "-a
WSHShell.Run Chr(34) & shellthis & Chr(34) & shellcmd ,1,False