Re: How to apply file/folder auditing

From: Rich S. (
Date: 08/08/03

Date: Fri, 8 Aug 2003 09:32:50 -0400

More/less as a quick test, I simply selected all the available "failure"
options from the auditing tab of a shares properties. The reason I'm taking
this (as a first-try approach) is the simplicity, although I may not stick
with this in favor of a gropu policy. Right now, all my servers are in 2
OU's: Domain Controllers and Computers. Can you give me a hint as to
setting this up via Group Policies? That is still an area that I have a lot
to learn about.


"Steven L Umbach" <> wrote in message
> You could enable auditing of object access which would then give
> the ability to set auditing of files and folders. You can do this at the
> Local Security Policy level if the domain policy does not override it or
> those servers you want to audit in there own Organizational Unit and apply
> separate policy to just them. You need to audit just the bare minimum or
> will have a huge amount of entries. Try enabling auditing of just folders
> and subfolders for just the administrators group and only for change
> permissions. --- Steve
> "Rich S." <> wrote in message
> news:#ppmfkRXDHA.1004@TK2MSFTNGP12.phx.gbl...
> > Hello,
> >
> > I think this issue is security related so I hope this is the correct
> >
> > My agency has had several instances where permissions change on shared
> > folders and sub-folders. I try to also apply security using groups. In
> > each instance, a security group seems to have been removed and/or
> replaced.
> > We have multiple users in my company with administrator privileges but
> > course no one admits to changing anything. Political forces are
> > preventing taking steps to be more secure (renaming the administrator
> > account, assigning a 2nd account w/admin rights for the individuals,
> > changing and keeping admin account password private, etc).
> >
> > As a result of this, I would like to set auditing for basically
> > on our file (and other role (ie database, application...) servers.
> Because
> > they all have multiple Gb of files, I don't want to sit for hours and
> watch
> > this happen at my desk or do it in the middle of the day and impact
> > performance. Can anyone suggest a relatively quick / efficient way to
> > this? Are this viable options:?
> >
> > Group Policy
> > Windows Scripting
> > Other programmatic methods
> > Set the audit changes just before leaving for the weekend?
> > Anything else
> >
> > TIA,
> > Rich
> >
> >