Re: Track a specific users share access activity?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 08/14/04


Date: Sat, 14 Aug 2004 09:36:37 -0700

When you open the auditing tab in the Security dialog of the
NTFS permissions in the properties of the storage area of
concern, what you find is that you may add whatever you
would like, just as if you were adding access permissions.
If you add Chuck Read in the auditing settings, then only
Read events by account Chuck trigger and audit record.
A Delete by Chuck does not and a Read by Sally does not.
IOW auditing is controlled by SACLs that are just as fine
grained and flexible as the DACLs used for granting and
denying permissions on NTFS objects.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Doug Lowenthal" <Doug@BuildingITC.com> wrote in message
news:BD43ABEF.CC4A%Doug@BuildingITC.com...
> Is there a way to audit a specific users activity instead of turning on
> general object auditing and seeing every ones file access.  We have many
> shares on the server and would like to track specific users access to
those
> documents.  I do not care to see/be notified (using Event Sentry) when
> someone I am not concerned with opens the file/folder.  Any help would be
> appreciated.
>