Re: audit folder/file delet

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/29/04

• Next message: Phillip Windell: "Re: Is NetBIOS Over TCP Required For Authentication?"
• Previous message: Steven L Umbach: "Re: Security tab in the properties window"
• In reply to: Edy Werder: "audit folder/file delet"
• Next in thread: Edy Werder: "Re: audit folder/file delet"
• Reply: Edy Werder: "Re: audit folder/file delet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Mar 2004 18:33:36 GMT

Unfortunately you cant stop the "related" events. Your best bet is to increase the
size of the security log and only audit the bare number of permissions for the bare
number of users avoiding the "everyone" group. You can use filter view to narrow down
your search or maybe something like Event Comb from Microsoft. --- Steve

"Edy Werder" <werder@interwatt.ch> wrote in message
news:jtlf60dhma3k55d6qmj70odl4hujhlu0ee@4ax.com...
> Dear all,
>
> I try to audit a folder and its subdirectory for deletion.
>
> The folder is located on a domain controller. I understand I have
> first to enable in local security policy, audit policy, audit object
> access. After that I go to Windows Explorer, select the folder, right
> click it, poperties, security, advanced, auditing, add.
>
> The result I see in the event viewer under security. Basicalyl it
> works, but I see a lot of other activity for registry keys, mmc.exe as
> soon as I have activate the policy. Is that normal? It quickly files
> the audit log. All I want to see there is entries for auditing the
> folder.
>
> Best regards
> Edy

• Next message: Phillip Windell: "Re: Is NetBIOS Over TCP Required For Authentication?"
• Previous message: Steven L Umbach: "Re: Security tab in the properties window"
• In reply to: Edy Werder: "audit folder/file delet"
• Next in thread: Edy Werder: "Re: audit folder/file delet"
• Reply: Edy Werder: "Re: audit folder/file delet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: syslog ... For the same kind of environment, I am using Computer Associates eTrust ... Audit integrated with Security command center for an easy event management ... and consolidation of logs + administration of all the Security ... (Security-Basics) RE: Blue Team ROE ... These types of constraints are a way to create the illusion of due ... diligence in that they are having an outside company perform a security ... the audit by client constraints. ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: How to determine who changed permissions on a directory? ... I used the "Security Monitoring and Attack Detection Planning Guide" from ... Audit Account Logon events - Success, Failure ... Audit Object Access - Success, ... (microsoft.public.security) Re: How to determine who changed permissions on a directory? ... I used the "Security Monitoring and Attack Detection Planning Guide" from ... Audit Account Logon events - Success, Failure ... Audit Object Access - Success, ... (microsoft.public.security) RE: [lists] How tos in Hacking AS400 ... In 15 minutes I made the $40K I charged for the audit. ... If you spend more on coffee than on IT security, ... Download FREE whitepaper on how a managed service can help ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint