Re: file security

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/30/04

  • Next message: Roger Abell: "Re: users not authorized to change password"
    Date: Wed, 30 Jun 2004 00:23:47 -0700
    
    

    Hi Scott

    For NTFS objects there are two steps to enable auditing

    In general you need to set auditing for success and/or failure
    as needed in the Audit Policy section of a GPO that has the
    machines with the storage in scope of the GPO, or in the
    local security policy if there is no overwriting GPO.
    Here you would set on auditing of object access.

    Then, in specific, you need to set auditing in the security
    of the NTFS object(s) that should generate audit records.
    This is in the Auditing tab within the advanced view in
    the security dialog of the properties of the object, and this
    can be set to inherit onto contained objects.

    -- 
    Roger Abell
    Microsoft MVP (Windows Server System: Security)
    MCSE (W2k3,W2k,Nt4)  MCDBA
    "Scott Elgram" <SElgram@verifpoint.com> wrote in message
    news:eDK2UmUXEHA.3420@TK2MSFTNGP12.phx.gbl...
    > Andrew,
    >     I'm not entirely sure but I believe auditing is enabled.  How can I
    > check / enable it?
    > I looked through the security log files on the server but they did not
    tell
    > me much of anything.
    >
    > -Scott
    >
    > "Andrew Sword [MVP]" <exchange.mvp@nos.optushome.com.au> wrote in message
    > news:OHn9fe1WEHA.3472@TK2MSFTNGP09.phx.gbl...
    > > Once way is to enable auditing to track access to files. Then check the
    > > security log after this enabled.
    > >
    > >
    > > "Scott Elgram" <SElgram@verifpoint.com> wrote in message
    > > news:%23P6pAakWEHA.2840@TK2MSFTNGP11.phx.gbl...
    > > > Hello,
    > > >    Is there a way to find out which user last modified any particular
    > file
    > > > over a network?
    > > >
    > > > -- 
    > > > -Scott Elgram
    > > >
    > > >
    > >
    > >
    >
    >
    

  • Next message: Roger Abell: "Re: users not authorized to change password"

    Relevant Pages

    • Re: audit access to cmd.exe
      ... You turn on accessing of all objects, then you set auditing on the ... > 1) secpol.msc--Security Settings, Local Policies, Audit Policy. ... > "George Hester" wrote in message ...
      (microsoft.public.security)
    • Re: How to apply file/folder auditing
      ... options from the auditing tab of a shares properties. ... with this in favor of a gropu policy. ... > the ability to set auditing of files and folders. ... > those servers you want to audit in there own Organizational Unit and apply ...
      (microsoft.public.win2000.security)
    • Re: Tracking down missing files and the toad who deleted them
      ... in future you can set auditing for selected folders/files ... Microsoft Windows XP - Set, view, change, or remove auditing for a file or folder: ...
      (microsoft.public.windowsxp.help_and_support)
    • Desktop.ini auditing filling event logs
      ... I have set auditing for Change Permissions, ... my security log on that machine is being filled with "Object Access" ... For the few in the domain admins group, there is an Accesses ...
      (microsoft.public.security)
    • Re: audit user activity
      ... you can set filter to view the Security log for a particular user. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Right-click Small Business Server Auditing Policy and click Edit. ...
      (microsoft.public.windows.server.sbs)