Re: audit object access failure.
From: Nick Finco [MSFT] (nfinco_at_online.microsoft.com)
Date: 06/20/03
- Next message: Bill Tomlinson: "Using Notepad To Add Registry Key/Value Pairs To Security Template .inf Files"
- Previous message: Cklinger: "Restrict DHCP assignments"
- In reply to: Keith: "audit object access failure."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Jun 2003 14:08:51 -0700
If you're a member of a domain, make sure that domain policy isn't
overriding your local policy and turning off object access auditing before
you can even test it. Make sure that you turned on both success and failure
auditing for the user that you wish to audit on this object. Easiest way
for testing is to just add Everyone to the list for both success and failure
audits for the object.
N
-- This posting is provided "AS IS" with no warranties, and confers no rights. Any included code samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Keith" <kwoznica@planetassoc.com> wrote in message news:0d2501c3373a$92d0e3a0$a401280a@phx.gbl... > Hello all, > > I am experiencing the following problem. I went into a > server with an account that is in the domain admin group > on the domain controller. The server is a member of the > domain. I used the local security policy, audit policy to > log the success and failures for the following policies, > Audit account logon events > audit account management > audit directory service access > audit logon events > audit object access > audit policy change > > Then I went to the object which I wanted to audit. In this > case it is a folder and its children. The name is set to > everyone and auditing is being applied onto This folder, > subfolders, and files. I have also checked Apply these > auditing entries to objects and/or containers within this > container only. > Under the Access Control Settings for dialog and I have > Allow inheritable auding entries from parent to propagate > to this object. > > Ok then i realized i need to add myself to the local > administrators group or give myself the Manage auditing > and security log user right. I did both. > > When I go and access the object I am auditing nothing > appears in the security log of the event viewer. I have my > filter set to capture everthing and all events. Can anyone > recommend a solution or point out what i did wrong??? > > Please advise, this would be greatly appreciated. > > Thanks, > Keith Woznica
- Next message: Bill Tomlinson: "Using Notepad To Add Registry Key/Value Pairs To Security Template .inf Files"
- Previous message: Cklinger: "Restrict DHCP assignments"
- In reply to: Keith: "audit object access failure."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
