Re: Audit file for failure

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/10/04 

Date: Wed, 10 Nov 2004 07:38:33 -0700

It will not prevent auditing, but it seems reasonable that it
will prevent the redirector from allowing access to the file
at the NTFS level, and there is not sufficient permission to
use the share that way. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"mjnjr" <mjnjr@discussions.microsoft.com> wrote in message 
news:A77A4867-2B52-40AE-8BCC-0F6D45140FAF@microsoft.com...
>I have "read" permission on the folder. Will that prevent auditing for
> failure on files within the folder?
>
> "Roger Abell [MVP]" wrote:
>
>> "mjnjr" <mjnjr@discussions.microsoft.com> wrote in message
>> news:53EC3C3B-411C-43D4-92FC-1462C49790CE@microsoft.com...
>> >I want to audit logon events and object access (specific files) for 
>> >success
>> > and failure in a Windows 2000 Domain. I am using Windows XP Pro (SP1) 
>> > on
>> > the
>> > machines and have 24 computers on an Ethernet. I want to know if and 
>> > when
>> > unauthorized persons are writing to these files. I have the audit 
>> > policies
>> > in
>> > place, rebooted, and then set up auditing on the folder with the files. 
>> > I
>> > then shared the folder and verified the shared folder and NTFS
>> > permissions.
>> > The Security log shows plenty of "successes" but no "failures" when I 
>> > try
>> > to
>> > change the file over the network. It works with both "successes" and
>> > "failures" when I log in as a user on the local machine and try to 
>> > change
>> > the
>> > file. What did I miss to make this work over the network?
>> > -- 
>> > I'd rather be sailing.
>>
>> The share-level permissions are sufficiently loose so that the attempt
>> will get through to the NTFS level failure ??
>>
>> -- 
>> Roger
>>
>>
>>

Relevant Pages

  • Re: setting permissions on folder on win2003 server
    ... Since you mentioned shared folder, it is worth noting that in case of shares the cumulative permissions apply, where the most restrictive take precedence. ... For example, if you assign Read permission on a share level and Write permission on the NTFS level, they will be only able to Read the content of the folder. ...
    (microsoft.public.windows.server.general)
  • Re: Autoexec.nt file missing?
    ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... >> example, a file, folder, registry key, printer, and so forth-that has its ...
    (microsoft.public.windowsxp.newusers)
  • Re: Change to folder permissions - What event is logged?
    ... Based on my research, after you enabled Change Permission auditing, if ... double-click "Audit object access". ... locate the file or folder you want to audit. ... Select the Successful or Failed check boxes for Change Permission action ...
    (microsoft.public.windows.server.sbs)
  • RE: Change to folder permissions - What event is logged?
    ... Based on my research, after you enabled Change Permission auditing, if ... double-click "Audit object access". ... locate the file or folder you want to audit. ... Select the Successful or Failed check boxes for Change Permission action ...
    (microsoft.public.windows.server.sbs)
  • RE: Monitor File Access, Change or Delete
    ... folder with auditing for Windows Server 2003. ... Locate the file or folder that you want to audit. ... and then click the Auditing tab. ...
    (microsoft.public.windows.server.sbs)