Re: DC Policy: just want to audit files, not set security
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/17/05
- Next message: Rob S: "Re: Basic security / 2003 question"
- Previous message: Roger Abell: "Re: DC Policy: just want to audit files, not set security"
- Maybe in reply to: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Mar 2005 23:23:31 -0700
You may need to carefully duplicate the access security
definition for the root folder of the area of concern, and
then set the auditing as desired and indicate that this
audit setting is to be propagated to all substructure.
I do know that the inheritance/propagation control for
the audit SACL does not impact the inheritance settings
for access security.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA <-> wrote in message news:uv4XrRmKFHA.3500@TK2MSFTNGP14.phx.gbl... > Hello, > > I am being tasked with setting up auditing on the Windows directory of the > domain controllers via the Domain Controller Security Policy. They don't > want to touch permissions on it. The thing is, the two seem linked > together. If I leave the security permissions blank, on the security field > and just go to auditing, and select a group and what to audit, will I run > the risk of removing all permissions to the Windows directory? > >
- Next message: Rob S: "Re: Basic security / 2003 question"
- Previous message: Roger Abell: "Re: DC Policy: just want to audit files, not set security"
- Maybe in reply to: Steven L Umbach: "Re: DC Policy: just want to audit files, not set security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
