Re: Track a specific users share access activity?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 08/14/04


Date: Sat, 14 Aug 2004 09:36:37 -0700

When you open the auditing tab in the Security dialog of the
NTFS permissions in the properties of the storage area of
concern, what you find is that you may add whatever you
would like, just as if you were adding access permissions.
If you add Chuck Read in the auditing settings, then only
Read events by account Chuck trigger and audit record.
A Delete by Chuck does not and a Read by Sally does not.
IOW auditing is controlled by SACLs that are just as fine
grained and flexible as the DACLs used for granting and
denying permissions on NTFS objects.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Doug Lowenthal" <Doug@BuildingITC.com> wrote in message
news:BD43ABEF.CC4A%Doug@BuildingITC.com...
> Is there a way to audit a specific users activity instead of turning on
> general object auditing and seeing every ones file access.  We have many
> shares on the server and would like to track specific users access to
those
> documents.  I do not care to see/be notified (using Event Sentry) when
> someone I am not concerned with opens the file/folder.  Any help would be
> appreciated.
>


Relevant Pages

  • Re: Pegasus is correct here simple because SHARE permissions superceed NTFS file
    ... The effect of this is that the ordinary users will not be able to change the access rights on files or folders below the share, regardless of having Full Control on them. ... I'm struggling to understand permissions in W2k3 server standard. ... full control so have set the folder's security permissions appropriately. ... then tune the NTFS permissions to meet your specific requirements. ...
    (microsoft.public.windows.server.general)
  • Re: Pegasus is correct here simple because SHARE permissions superceed NTFS file
    ... The effect of this is that the ordinary users will not be able to change the access rights on files or folders below the share, regardless of having Full Control on them. ... I'm struggling to understand permissions in W2k3 server standard. ... full control so have set the folder's security permissions appropriately. ... then tune the NTFS permissions to meet your specific requirements. ...
    (microsoft.public.windows.server.general)
  • Re: DC Policy: just want to audit files, not set security
    ... the particular directory to root the auditing ... different permissions within the area. ... >> I had never thought of using a SCE template File System ... >>> lot of events in the security log. ...
    (microsoft.public.windows.server.security)
  • Re: System Security Audits
    ... Security's Auditing Tools and security templates. ... > By system security audits I mean things like checking if computer ... > permissions (not too high or to say if user has restrictive ...
    (Pen-Test)
  • Re: Auditing
    ... Yes, as other MVP has stated, Auditing and NTFS permission are individual ... Each object has a set of security information, or security descriptor, ... In addition to containing permissions information, however, a security ...
    (microsoft.public.win2000.general)