Re: file management
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/01/04
- Next message: Mikey: "Re: Hotfix KB824141"
- Previous message: Mainiac: "file management"
- In reply to: Mainiac: "file management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 01 Sep 2004 19:04:00 GMT
If you enable auditing of object access on your computers [assuming W2K/XP Pro/W2003]
and then enable auditing of the folders for only the two delete permissions you
should be able to find out the user by looking in the security log for Event ID pairs
of 560 and 562 by timestamp. Make sure you increase your security logs to at least
10MB from the paltry bit they have by default. The other thing to verify is folder
permissions for ntfs. You might try giving users read/list/execute/write permissions
instead of full or modify - at least to the folders only which can be done in special
permissions. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419
"Mainiac" <Mainiac@discussions.microsoft.com> wrote in message
news:C409102A-20AF-4C63-9A80-6DA0ACCEFF44@microsoft.com...
> We use shared folders on our network - we have had troubles with people
> deleting entire folders. How can we identify the "culprits"? The audit tool
> does not identify specific folders. Any ideas?
- Next message: Mikey: "Re: Hotfix KB824141"
- Previous message: Mainiac: "file management"
- In reply to: Mainiac: "file management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
