Re: Auditing security

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 07/23/04

• Next message: Steven L Umbach: "Re: PKI certificates"
• Previous message: Steven L Umbach: "Re: WFP Errors"
• In reply to: alvin: "Auditing security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 23 Jul 2004 07:21:50 -0400

Read here:

http://securityadmin.info/faq.asp#auditing

I would not audit "traverse / execute" but write. It will be hard to audit
copying and moving, as these actions look identical to any other file
reading and writing.

There is no good way to prevent a user that can read a file from copying a
file [unless you try to restrict where that user has permission to write
to]. Also, for Microsoft Office files like Word and Excel files, there is
no good way to remove the Delete permission, in which case users can still
delete and move files as well. Your best bet is some kind of file backup
like tape backup that runs at least once every night.

Maybe there is some third party file auditing utility I dont' know about out
there that could help you [somehow I doubt it]. You could try searching
Google.

"alvin" <alvinleo@time.net.my> wrote in message
news:OZY$faFcEHA.2520@TK2MSFTNGP12.phx.gbl...
> First Question:
> I'm encounter a problem when i set the folder with audit permission to
cross
> check if there is anyone to move/copy file from this folder (example. copy
> file from server to other client workstation). I'm tick the tranverse
folder
> / execute file folder options but this seem does not work at all. I have
try
> to move/copy a file from server to my workstation and i can't find the
> message to show me that i have move/copy the file to other folder at event
> viewer. If there any way to set the folder security to keep track anyone
> have move/copy any files from this folder to other location (example
within
> the computer or other workstation computer).
>
> Second question :
> I want to set a security only allow user to write/read on that files but
> disallow user to move or copy the file out of the folder?
>
> Thank You.
>
>

---

• Next message: Steven L Umbach: "Re: PKI certificates"
• Previous message: Steven L Umbach: "Re: WFP Errors"
• In reply to: alvin: "Auditing security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Autoexec.nt file missing? ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... >> example, a file, folder, registry key, printer, and so forth-that has its ... (microsoft.public.windowsxp.newusers) Re: audit user activity ... you can enable Audit log in Event log on SBS: ... double-click "Audit object access". ... locate the file or folder you want to audit. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) RE: Tracking File Modifications by User? ... Based on the information you provided, it should be a windows 2000 issue. ... you can enable Audit log in Event log to do so. ... locate the file or folder you want to audit. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: file auditing not working ... My boss asked to audit folder to make sure that only authorized people goes ... Step 1 - On the server Setup the Folder, ... Is this a member server or a DC? ... > am a member of the domain admins group. ... (microsoft.public.win2000.security) Re: Autoexec.nt file missing? ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... example, a file, folder, registry key, printer, and so forth-that has its ... (microsoft.public.windowsxp.newusers)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)