Re: How to apply file/folder auditing

From: Rich S. (mis_manager_at_judsoncenter.org)
Date: 08/08/03


Date: Fri, 8 Aug 2003 09:32:50 -0400


More/less as a quick test, I simply selected all the available "failure"
options from the auditing tab of a shares properties. The reason I'm taking
this (as a first-try approach) is the simplicity, although I may not stick
with this in favor of a gropu policy. Right now, all my servers are in 2
OU's: Domain Controllers and Computers. Can you give me a hint as to
setting this up via Group Policies? That is still an area that I have a lot
to learn about.

Thank,s
Rich

"Steven L Umbach" <n9rou@nsattbi.com> wrote in message
news:IJEYa.93307$YN5.67378@sccrnsc01...
> You could enable auditing of object access which would then give
you
> the ability to set auditing of files and folders. You can do this at the
> Local Security Policy level if the domain policy does not override it or
put
> those servers you want to audit in there own Organizational Unit and apply
a
> separate policy to just them. You need to audit just the bare minimum or
you
> will have a huge amount of entries. Try enabling auditing of just folders
> and subfolders for just the administrators group and only for change
> permissions. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
> http://www.brienposey.com/kb/auditing_events,_part_3.asp
>
>
> "Rich S." <mis_manager@judsoncenter.org> wrote in message
> news:#ppmfkRXDHA.1004@TK2MSFTNGP12.phx.gbl...
> > Hello,
> >
> > I think this issue is security related so I hope this is the correct
list.
> >
> > My agency has had several instances where permissions change on shared
> > folders and sub-folders. I try to also apply security using groups. In
> > each instance, a security group seems to have been removed and/or
> replaced.
> > We have multiple users in my company with administrator privileges but
of
> > course no one admits to changing anything. Political forces are
currently
> > preventing taking steps to be more secure (renaming the administrator
> > account, assigning a 2nd account w/admin rights for the individuals,
> > changing and keeping admin account password private, etc).
> >
> > As a result of this, I would like to set auditing for basically
everything
> > on our file (and other role (ie database, application...) servers.
> Because
> > they all have multiple Gb of files, I don't want to sit for hours and
> watch
> > this happen at my desk or do it in the middle of the day and impact
system
> > performance. Can anyone suggest a relatively quick / efficient way to
do
> > this? Are this viable options:?
> >
> > Group Policy
> > Windows Scripting
> > Other programmatic methods
> > Set the audit changes just before leaving for the weekend?
> > Anything else
> >
> > TIA,
> > Rich
> >
> >
>
>