Re: Detail display for audit policy

Users cannot modify AD ACLs. But if you want to check their ACLs they
have on their computers, you can use some tool that allows remotely
manipulating with security such as Scriptlogic's Security Explorer
(http://scriptlogic.com/securityexplorer).
Jacky wrote:
Hello

Thanks for your help. If I want to audit the user permission. Which user
logon and change the Active Directory's setting, like user permission, file
permission.
These auditing program can hekp me to monitor it?

Thanks

"Hakan GOKCOL" wrote:

You'll need to enable auditing for successful object access events on the
servers on which the folders reside, and you'll need to enable auditing on
the folders you want to monitor. To enable auditing for successful object
access events, you can either use an existing Group Policy Object (GPO)
that's applied to your file servers or, if you don't already control
auditing through Group Policy, you can enable it in each server's Local
Computer Policy. Either way, set the Audit object access policy under Local
Computer Policy\Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy (in Group Policy Editor-GPE) to a
Security Setting of Success.

To enable auditing on a folder, open the folder's properties dialog box,
select the Security tab, click Advanced, and select the Auditing tab of the
Advanced Security Settings window. Be careful which permissions you enable
for auditing because you can easily fill up your log with access events. In
your case, you want to monitor only for successful uses of the permission
that lets a user change an object's ACL-the Change permissions permission.
Shows that I've enabled auditing of successful Change permissions events on
the DeptFiles folder. I've also specified Everyone as the name of the audit
entry because I want to audit everyone. . . .

Hakan GOKCOL


"Jacky" <Jacky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:82F0C709-2A36-4C7C-BBCA-D974A925C081@xxxxxxxxxxxxxxxx
Hello,

I change the audit policy, all were success in security setting.
In event viewer, it shows the success audiot in security option.
But the description was too simple.

For example, If any user change the any user's file permission. Any method
can display the username, time, which item change(specific detail) in
description.

Thanks


.

Relevant Pages

  • Re: .NET Smart Clients, transparency and security
    ... I don't think FULLTRUST should ever be granted to anything ... You just need to define the Enterpise Policy. ... Security kinda works like ... not have a permission you should not be able to obtain it nor grant it ...
    (microsoft.public.platformsdk.security)
  • Re: .NET Smart Clients, transparency and security
    ... I don't think FULLTRUST should ever be granted to anything ... You just need to define the Enterpise Policy. ... Security kinda works like ... not have a permission you should not be able to obtain it nor grant it ...
    (microsoft.public.dotnet.security)
  • Re: [PATCH] do_signal_stop: use signal_group_exit()
    ... : security: permission dccp_recv in class netif not defined in policy ...
    (Linux-Kernel)
  • Re: Audit folder access
    ... First you need to enable auditing on the machine. ... Local Security Policy or Group Policy. ... Policy - expand Local Policies, click on Audit Policy, and in the right pane ...
    (microsoft.public.windows.server.general)
  • Re: no touch deployment SecurityException
    ... You can't get permissions that you aren't granted by local security policy, ... but other assemblies on the stack or the AppDomain ... >> policy to grant this permission. ...
    (microsoft.public.dotnet.security)