Re: file security

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/30/04

  • Next message: Roger Abell: "Re: users not authorized to change password"
    Date: Wed, 30 Jun 2004 00:23:47 -0700
    
    

    Hi Scott

    For NTFS objects there are two steps to enable auditing

    In general you need to set auditing for success and/or failure
    as needed in the Audit Policy section of a GPO that has the
    machines with the storage in scope of the GPO, or in the
    local security policy if there is no overwriting GPO.
    Here you would set on auditing of object access.

    Then, in specific, you need to set auditing in the security
    of the NTFS object(s) that should generate audit records.
    This is in the Auditing tab within the advanced view in
    the security dialog of the properties of the object, and this
    can be set to inherit onto contained objects.

    -- 
    Roger Abell
    Microsoft MVP (Windows Server System: Security)
    MCSE (W2k3,W2k,Nt4)  MCDBA
    "Scott Elgram" <SElgram@verifpoint.com> wrote in message
    news:eDK2UmUXEHA.3420@TK2MSFTNGP12.phx.gbl...
    > Andrew,
    >     I'm not entirely sure but I believe auditing is enabled.  How can I
    > check / enable it?
    > I looked through the security log files on the server but they did not
    tell
    > me much of anything.
    >
    > -Scott
    >
    > "Andrew Sword [MVP]" <exchange.mvp@nos.optushome.com.au> wrote in message
    > news:OHn9fe1WEHA.3472@TK2MSFTNGP09.phx.gbl...
    > > Once way is to enable auditing to track access to files. Then check the
    > > security log after this enabled.
    > >
    > >
    > > "Scott Elgram" <SElgram@verifpoint.com> wrote in message
    > > news:%23P6pAakWEHA.2840@TK2MSFTNGP11.phx.gbl...
    > > > Hello,
    > > >    Is there a way to find out which user last modified any particular
    > file
    > > > over a network?
    > > >
    > > > -- 
    > > > -Scott Elgram
    > > >
    > > >
    > >
    > >
    >
    >
    

  • Next message: Roger Abell: "Re: users not authorized to change password"