Re: Audit file for failure

From: mjnjr (mjnjr_at_discussions.microsoft.com)
Date: 11/09/04


Date: Tue, 9 Nov 2004 11:38:06 -0800

I have "read" permission on the folder. Will that prevent auditing for
failure on files within the folder?

"Roger Abell [MVP]" wrote:

> "mjnjr" <mjnjr@discussions.microsoft.com> wrote in message
> news:53EC3C3B-411C-43D4-92FC-1462C49790CE@microsoft.com...
> > I want to audit logon events and object access (specific files) for success
> > and failure in a Windows 2000 Domain. I am using Windows XP Pro (SP1) on the
> > machines and have 24 computers on an Ethernet. I want to know if and when
> > unauthorized persons are writing to these files. I have the audit policies in
> > place, rebooted, and then set up auditing on the folder with the files. I
> > then shared the folder and verified the shared folder and NTFS permissions.
> > The Security log shows plenty of "successes" but no "failures" when I try to
> > change the file over the network. It works with both "successes" and
> > "failures" when I log in as a user on the local machine and try to change the
> > file. What did I miss to make this work over the network?
> > --
> > I'd rather be sailing.
>
> The share-level permissions are sufficiently loose so that the attempt
> will get through to the NTFS level failure ??
>
> --
> Roger