Re: file security
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: Wed, 30 Jun 2004 00:23:47 -0700
For NTFS objects there are two steps to enable auditing
In general you need to set auditing for success and/or failure
as needed in the Audit Policy section of a GPO that has the
machines with the storage in scope of the GPO, or in the
local security policy if there is no overwriting GPO.
Here you would set on auditing of object access.
Then, in specific, you need to set auditing in the security
of the NTFS object(s) that should generate audit records.
This is in the Auditing tab within the advanced view in
the security dialog of the properties of the object, and this
can be set to inherit onto contained objects.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Scott Elgram" <SElgram@verifpoint.com> wrote in message news:eDK2UmUXEHA.3420@TK2MSFTNGP12.phx.gbl... > Andrew, > I'm not entirely sure but I believe auditing is enabled. How can I > check / enable it? > I looked through the security log files on the server but they did not tell > me much of anything. > > -Scott > > "Andrew Sword [MVP]" <email@example.com> wrote in message > news:OHn9fe1WEHA.3472@TK2MSFTNGP09.phx.gbl... > > Once way is to enable auditing to track access to files. Then check the > > security log after this enabled. > > > > > > "Scott Elgram" <SElgram@verifpoint.com> wrote in message > > news:%23P6pAakWEHA.2840@TK2MSFTNGP11.phx.gbl... > > > Hello, > > > Is there a way to find out which user last modified any particular > file > > > over a network? > > > > > > -- > > > -Scott Elgram > > > > > > > > > > > >