Re: Auditing Permissions to a Folder???
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/30/04
- Next message: Roger Abell: "Re: Auditing Permissions to a Folder???"
- Previous message: Steve Duff [MVP]: "Re: SBS remote access issue"
- In reply to: ITAuditor: "Re: Auditing Permissions to a Folder???"
- Next in thread: Roger Abell: "Re: Auditing Permissions to a Folder???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jul 2004 19:26:14 -0700
In the audit policy section of group policy impacting that
server you need to enable auditing of object access.
Then, at the root of the area that is your concern, in the
Adv view within the NTFS security dialog, use the Audit
tab and set an ACE to audit permission changes (you will
need to use the Edit button to set this so specifically).
If you set an ACE to audit too common of actions, you will
get too much written into the security log. When you finally
set the new audit ACL with this dialog, use the checkbox to
ensure that this SACL is inherited onto all of the substructure.
You can do this independently from forcing the DACL, the
normal permissions, to also inhert onto all below.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "ITAuditor" <ITAuditor@discussions.microsoft.com> wrote in message news:2679F7BF-6FA5-4B01-859A-75C18BA0A644@microsoft.com... > Thanks for the advice, but I have not seen anything there that could help! > > "netneg" wrote: > > > Here's a good start. > > > > http://www.microsoft.com/technet/security/guidance/secmod119.mspx > > > > > > "ITAuditor" <ITAuditor@discussions.microsoft.com> wrote in message > > news:EB0081C1-E630-4122-B6C9-33BC7B2C0DFF@microsoft.com... > > > Hi Guys and Girls. > > > > > > I suspect that members of my technical team are assigning themselves to > > various folders that should be restricted. Once they do what they want, I > > believe that they then remove themselves. When I say add, I mean that they > > right click the respective folder or drive, select sharing and security, > > then under security add themselves with full user rights. > > > > > > I know that it was stupid for most of them to have administrator password > > to the server, however this has been corrected. > > > > > > What I want to determine is if I can audit such an activity??? If so, how > > can I set it? We recently installed Server 2003. Much help is needed, > > thanks. > > > > > >
- Next message: Roger Abell: "Re: Auditing Permissions to a Folder???"
- Previous message: Steve Duff [MVP]: "Re: SBS remote access issue"
- In reply to: ITAuditor: "Re: Auditing Permissions to a Folder???"
- Next in thread: Roger Abell: "Re: Auditing Permissions to a Folder???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
