Re: Audit file for failure

From: mjnjr (mjnjr_at_discussions.microsoft.com)
Date: 11/09/04

Next message: ohaya: "Get list of users who logged into Domain Controller?"
Previous message: mjnjr: "Re: Audit file for failure"
In reply to: Roger Abell [MVP]: "Re: Audit file for failure"
Next in thread: Roger Abell [MVP]: "Re: Audit file for failure"
Reply: Roger Abell [MVP]: "Re: Audit file for failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 9 Nov 2004 11:38:06 -0800

I have "read" permission on the folder. Will that prevent auditing for
failure on files within the folder?

"Roger Abell [MVP]" wrote:

> "mjnjr" <mjnjr@discussions.microsoft.com> wrote in message
> news:53EC3C3B-411C-43D4-92FC-1462C49790CE@microsoft.com...
> >I want to audit logon events and object access (specific files) for success
> > and failure in a Windows 2000 Domain. I am using Windows XP Pro (SP1) on
> > the
> > machines and have 24 computers on an Ethernet. I want to know if and when
> > unauthorized persons are writing to these files. I have the audit policies
> > in
> > place, rebooted, and then set up auditing on the folder with the files. I
> > then shared the folder and verified the shared folder and NTFS
> > permissions.
> > The Security log shows plenty of "successes" but no "failures" when I try
> > to
> > change the file over the network. It works with both "successes" and
> > "failures" when I log in as a user on the local machine and try to change
> > the
> > file. What did I miss to make this work over the network?
> > --
> > I'd rather be sailing.
>
> The share-level permissions are sufficiently loose so that the attempt
> will get through to the NTFS level failure ??
>
> --
> Roger
>
>
>

Next message: ohaya: "Get list of users who logged into Domain Controller?"
Previous message: mjnjr: "Re: Audit file for failure"
In reply to: Roger Abell [MVP]: "Re: Audit file for failure"
Next in thread: Roger Abell [MVP]: "Re: Audit file for failure"
Reply: Roger Abell [MVP]: "Re: Audit file for failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Minimum NTFS Permissions - Theres such a thing???
... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
(microsoft.public.inetserver.iis.security)
Re: Unable to delete orphaned 1.5 GB System Restore folder
... The fact that the tech support is based in India has nothing to do with the ... If so you may want to leave this folder alone. ... down to all children folders because i can set those permissions to ... try deleting from the command line using system by using the AT ...
(microsoft.public.windowsxp.security_admin)
Re: Netwatcher
... auditing of logon events for success and failure to see who is accessing or trying to ... and users group may have excessive permissions on the root/drive folder. ...
(microsoft.public.win2000.security)
Re: Unable to delete orphaned 1.5 GB System Restore folder
... The only computers i fix are my own. ... If so you may want to leave this folder alone. ... it includes all subdirectories with inherited permissions. ... try deleting from the command line using system by using the AT ...
(microsoft.public.windowsxp.security_admin)
Re: share folder permissions
... B Group -> Read only permissions over ALL the sub-folders and files ... List Folder Contents, Read, and Write. ... Usually we just add Domain Admins FC, and Authenticated Users, Change. ... Then whatever is set in the folder structure using NTFS will dicate their effective permissions. ...
(microsoft.public.windows.server.networking)