Re: Track a specific users share access activity?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 08/14/04 

Date: Sat, 14 Aug 2004 09:36:37 -0700

When you open the auditing tab in the Security dialog of the
NTFS permissions in the properties of the storage area of
concern, what you find is that you may add whatever you
would like, just as if you were adding access permissions.
If you add Chuck Read in the auditing settings, then only
Read events by account Chuck trigger and audit record.
A Delete by Chuck does not and a Read by Sally does not.
IOW auditing is controlled by SACLs that are just as fine
grained and flexible as the DACLs used for granting and
denying permissions on NTFS objects. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Doug Lowenthal" <Doug@BuildingITC.com> wrote in message
news:BD43ABEF.CC4A%Doug@BuildingITC.com...
> Is there a way to audit a specific users activity instead of turning on
> general object auditing and seeing every ones file access.  We have many
> shares on the server and would like to track specific users access to
those
> documents.  I do not care to see/be notified (using Event Sentry) when
> someone I am not concerned with opens the file/folder.  Any help would be
> appreciated.
>

Relevant Pages

  • Re: DC Policy: just want to audit files, not set security
    ... the particular directory to root the auditing ... different permissions within the area. ... >> I had never thought of using a SCE template File System ... >>> lot of events in the security log. ...
    (microsoft.public.windows.server.security)
  • Re: System Security Audits
    ... Security's Auditing Tools and security templates. ... > By system security audits I mean things like checking if computer ... > permissions (not too high or to say if user has restrictive ...
    (Pen-Test)
  • Re: Auditing
    ... Yes, as other MVP has stated, Auditing and NTFS permission are individual ... Each object has a set of security information, or security descriptor, ... In addition to containing permissions information, however, a security ...
    (microsoft.public.win2000.general)
  • Re: winntsystem32
    ... "secure server" templates] is to change the permissions on just the .EXE ... Or, look at the security ... NTFS permissions. ...
    (microsoft.public.win2000.security)
  • Re: sql permissions and adp
    ... Somethings probably missing on the security with whatever ... being execute and include auditing the object and statement ... >test the application using the standard user permissions. ... >rights which obviously we do not want to do. ...
    (microsoft.public.sqlserver.security)