Re: DC Policy: just want to audit files, not set security
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/17/05
- Previous message: Roger Abell: "Re: How to create Power User on Windows 2003?"
- In reply to: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Next in thread: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Reply: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Mar 2005 23:21:23 -0700
You may a slightly misread the poster.
I had never thought of using a SCE template File System
definition to deliver only Audit SACL to some storage
area, but I immediately thought I saw what the poster
was indicating. Hence, I tried it out, and in fact if the
DACL part is left empty with only a SACL definition
provided, then upon application the DACL on the target
storage is changed. That is, any explicit ACEs set on
the target are removed, and inheritance will be adjusted
(or not) depending on the settings choosen in the template.
-- Roger "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:%23xDuJYpKFHA.2852@TK2MSFTNGP14.phx.gbl... > They are separate. Be sure to limit auditing to just what is needed [ > write/delete maybe] as the security log will fill up very quickly if you try > to audit everything. Just enabling auditing of object access will generate a > lot of events in the security log. Be sure to increase the size of the > security log quite a bit to at least 20 MB to start. --- Steve > > http://support.microsoft.com/default.aspx?scid=kb;en-us;301640 --- how to > configure auditing. > > > <-> wrote in message news:uv4XrRmKFHA.3500@TK2MSFTNGP14.phx.gbl... > > Hello, > > > > I am being tasked with setting up auditing on the Windows directory of the > > domain controllers via the Domain Controller Security Policy. They don't > > want to touch permissions on it. The thing is, the two seem linked > > together. If I leave the security permissions blank, on the security > > field and just go to auditing, and select a group and what to audit, will > > I run the risk of removing all permissions to the Windows directory? > > > >
- Previous message: Roger Abell: "Re: How to create Power User on Windows 2003?"
- In reply to: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Next in thread: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Reply: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
