Re: Auditing Attempted Shared Folder Access
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 5 Mar 2007 08:59:34 -0700
NTFS auditing is controlled by enabling audit of Object Access
in the security policy, which you did not list as enabled.
"keith c" <keithc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2D131BA7-17AF-483E-8F33-410C2D98D26B@xxxxxxxxxxxxxxxx
I have Success/Failure turned on in the following Local Security Settings:
Audit Acct logon events
Audit Acct Management
Audit Directory Service Access
Audit Logon Events
Audit Policy Change
I have a shared folder on the server that has the following permissions
set
on it:
Security (local NTFS): Everyone Full Control
Sharing permissons: TestUser1 - Read Only
I have auditing set for "Everyone" of Type: Failure on the folder.
When TestUser2 (who doesnt have access to the folder) double clicks on
the share, the "Access is Denied" message box is displayed. But I have no
'failure' entry in the Security Event Log on the server.
What am I doing wrong? Am I missing something?
What do I need to do to get the failed attempt captured in the
security event log?
Any help would be appreciated.
Thanks
K C
Security Analyst III
Self Regional Healthcare
Greenwood, SC USA
.
- Prev by Date: Re: How can I reenable Windows firewall?
- Next by Date: Re: How can I reenable Windows firewall?
- Previous by thread: How can I reenable Windows firewall?
- Next by thread: Re: Auditing Attempted Shared Folder Access
- Index(es):
Relevant Pages
|
