Re: Setting Audit Permissions Differently for Each User
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sat, 30 Dec 2006 00:24:12 -0700
Hi Will,
Jesper is quite correct in his response.
You may be able to accomplish this objective more simply than
defining a group with all accounts except System, however, if
your users are members of Users (or Domain Users and hence
of Users).
I notice that System does not have Users in its token but does
have Authenticated Users, Administrators, and Everyone.
Now, for this to work, you would need to have Interactive and
Authenticated Users removed from Users (I routinely remove
Interactive and Authenticated Users from Users anyway).
So, if you just either made sure that each individual admin account
was a member of Users (or Domain Users), or if you defined a group
that mirrored Administrators, and used these in place of Everyone
then you would not be auditing for System via those and could
avoid the duplications Jesper indicated.
Roger
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:J_adnbLFOJjLHQzYnZ2dnUVZ_vipnZ2d@xxxxxxxxxxxxxxx
So far I have used the auditing features in NTFS by specifying rules for
reserved user Everyone, just to make the rules simple to specify. Is
there a way I could specify one rule for SYSTEM, another rule for every
other user? In other words, if you have multiple users or groups in your
audit list, and then a catch all for Everyone, how does Windows process
those rules?
--
Will
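
The substitution suggested in the reply above, as an added PowerShell example that is not part of the original thread: it lists the members of the local Users group so the precondition about Interactive and Authenticated Users can be checked, then rewrites each explicit Everyone audit entry on a directory as the same entry for BUILTIN\Users. The path is a placeholder, and the session is assumed to be elevated, since reading and writing a SACL requires the "Manage auditing and security log" privilege.

```powershell
# Added example, not from the thread. $Path is a hypothetical placeholder.
$Path = 'D:\AuditedData'

# Well-known SIDs, used instead of names so localized systems behave the same.
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'       # Everyone
$users    = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'  # BUILTIN\Users

# Precondition named in the reply: Interactive and Authenticated Users
# should not be listed as members of Users. Review this output first.
Get-LocalGroupMember -SID $users | Select-Object Name, ObjectClass

# -Audit is required, otherwise the returned descriptor has no SACL.
$acl = Get-Acl -Path $Path -Audit

# Explicit (non-inherited) audit entries only, with identities as SIDs.
$explicit = $acl.GetAuditRules($true, $false,
    [System.Security.Principal.SecurityIdentifier])

foreach ($rule in @($explicit)) {
    if ($rule.IdentityReference.Value -ne $everyone.Value) { continue }

    # Same rights, inheritance and success/failure flags, different trustee.
    $replacement = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $users,
        $rule.FileSystemRights,
        $rule.InheritanceFlags,
        $rule.PropagationFlags,
        $rule.AuditFlags)

    $acl.RemoveAuditRuleSpecific($rule)
    $acl.AddAuditRule($replacement)
}

Set-Acl -Path $Path -AclObject $acl

# Confirm the result: no explicit Everyone entry should remain.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited
```

Inherited Everyone entries are left untouched by this script and have to be changed on the parent object where they are defined.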