Re: file security

• Previous message: Jonathan Maltz [MS-MVP]: "Re: help:site hacked"
• In reply to: Scott Elgram: "Re: file security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Jun 2004 00:23:47 -0700

Hi Scott

For NTFS objects there are two steps to enable auditing

In general you need to set auditing for success and/or failure
as needed in the Audit Policy section of a GPO that has the
machines with the storage in scope of the GPO, or in the
local security policy if there is no overwriting GPO.
Here you would set on auditing of object access.

Then, in specific, you need to set auditing in the security
of the NTFS object(s) that should generate audit records.
This is in the Auditing tab within the advanced view in
the security dialog of the properties of the object, and this
can be set to inherit onto contained objects.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Scott Elgram" <SElgram@verifpoint.com> wrote in message
news:eDK2UmUXEHA.3420@TK2MSFTNGP12.phx.gbl...
> Andrew,
>     I'm not entirely sure but I believe auditing is enabled.  How can I
> check / enable it?
> I looked through the security log files on the server but they did not
tell
> me much of anything.
>
> -Scott
>
> "Andrew Sword [MVP]" <exchange.mvp@nos.optushome.com.au> wrote in message
> news:OHn9fe1WEHA.3472@TK2MSFTNGP09.phx.gbl...
> > Once way is to enable auditing to track access to files. Then check the
> > security log after this enabled.
> >
> >
> > "Scott Elgram" <SElgram@verifpoint.com> wrote in message
> > news:%23P6pAakWEHA.2840@TK2MSFTNGP11.phx.gbl...
> > > Hello,
> > >    Is there a way to find out which user last modified any particular
> file
> > > over a network?
> > >
> > > -- 
> > > -Scott Elgram
> > >
> > >
> >
> >
>
>

• Previous message: Jonathan Maltz [MS-MVP]: "Re: help:site hacked"
• In reply to: Scott Elgram: "Re: file security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: audit access to cmd.exe ... You turn on accessing of all objects, then you set auditing on the ... > 1) secpol.msc--Security Settings, Local Policies, Audit Policy. ... > "George Hester" wrote in message ... (microsoft.public.security) Re: How to apply file/folder auditing ... options from the auditing tab of a shares properties. ... with this in favor of a gropu policy. ... > the ability to set auditing of files and folders. ... > those servers you want to audit in there own Organizational Unit and apply ... (microsoft.public.win2000.security) Re: Tracking down missing files and the toad who deleted them ... in future you can set auditing for selected folders/files ... Microsoft Windows XP - Set, view, change, or remove auditing for a file or folder: ... (microsoft.public.windowsxp.help_and_support) Desktop.ini auditing filling event logs ... I have set auditing for Change Permissions, ... my security log on that machine is being filled with "Object Access" ... For the few in the domain admins group, there is an Accesses ... (microsoft.public.security) Re: audit user activity ... you can set filter to view the Security log for a particular user. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Right-click Small Business Server Auditing Policy and click Edit. ... (microsoft.public.windows.server.sbs)