Re: Auditing / Event Log Entries...
From: GX (GX_at_DOMAIN.com)
Date: 10/07/04
- Next message: GX: "LC5"
- Previous message: colin_lyse: "Re: How do u get around expiring password problems"
- In reply to: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Next in thread: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Reply: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 07 Oct 2004 15:30:47 GMT
Steve,
Let me stay on the same subject here...
Question: If you enable Object Access on Domain Controller (DC1SVR) to be
audited, how can you tell that the file (test.txt) under the machine
WINXPPRO24 > C:\Documents and Settins\John.Doe\My Documents\My Test Files
was accessed by the user Mary Jane?
Do you have to enable the Auditing on that specifi folder on the remote
machine or can you do it from the DC?
Thanks
GX
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:oQk8d.119482$wV.11272@attbi_s54...
> You will have to enable auditing of object access on the computer where
> you want to track object access for folders/files. If you enable in Domain
> Controller Security Policy it will record only files on domain controller
> that the user accesses. If you want to enable in on multiple computers you
> will have to enable it at the domain or Organizational Unit level. Look
> for event ID's 560 and 562 in the security logs of the computer or domain
> controller that the user accesses. --- Steve
>
> http://www.microsoft.com/technet/security/guidance/secmod144.mspx --
> great white paper on auditing
>
> "Ketta" <no@post.net> wrote in message
> news:uoCWgokqEHA.3252@TK2MSFTNGP14.phx.gbl...
>> Hi,
>> I enabled auditing through domain controller policy and then set audit
>> on success / failures for everything under C:. I only want to audit one
>> users activity through the entire system when they login to the domain
>> controller. Nothing shows up in the event log even though it is enabled.
>> I
>> have never used auditing before, but it looked pretty straight forward.
>>
>> 1. Enable auditing in the policy
>> 2. Enable auditing on the security tab of choice
>> 3. Watch the audit logs flow.
>>
>> TIA if anyone wants to educate me
>>
>> Ketta
>>
>>
>
>
- Next message: GX: "LC5"
- Previous message: colin_lyse: "Re: How do u get around expiring password problems"
- In reply to: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Next in thread: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Reply: Steven L Umbach: "Re: Auditing / Event Log Entries..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
