Archived from groups: microsoft.public.win2000.security (More info?)
Hi all,
I have a folder shared with full permisions enabled for a security group.
The folder is located on the domain controller. I want to log who modifies,
deletes or adds a file in this folder and subfolders. Then I did the
following way:
First I enabled auditing for this folder:
-Right click of the mouse over the folder, Properties menu/Security
tab/Advanced button/Auditing tab
-Selected the security group I want to audit
-Selected "This folders, subfolders..." from the combo
-Checked the options "Create Files/Write Data", "Create Folders/Append
Data", "Delete Subfolders and Files", "Delete" for both Success and Failure
-The checkbox for "Allow inheritable auditing entries from parent to
propagate..." was enabled
The folder is shared read-only for Everyone, and full for the security group
I want to audit. Security settings on folder are set as default: Everyone,
full access (inherited from C:\ ).
I made some changes to files in the audited folder. Then I opened Event
Viewer / Security and nothing appears.
After that I remembered I should modify the policies on the PC, to allow
auditing. Then I did the following:
-Opened Domain Controller Security Policy
-Opened Windows Settings/Security Settings/Local Policies/Audit Policy
-Enabled "Audit Object Access" and "Audit Privilege Use" for both success
and failure
Then tested again to make some changes on files on the audited folder and
again nothing was logged.
What I'm missing?
Thanks in advance
Faustino
Hi all,
I have a folder shared with full permisions enabled for a security group.
The folder is located on the domain controller. I want to log who modifies,
deletes or adds a file in this folder and subfolders. Then I did the
following way:
First I enabled auditing for this folder:
-Right click of the mouse over the folder, Properties menu/Security
tab/Advanced button/Auditing tab
-Selected the security group I want to audit
-Selected "This folders, subfolders..." from the combo
-Checked the options "Create Files/Write Data", "Create Folders/Append
Data", "Delete Subfolders and Files", "Delete" for both Success and Failure
-The checkbox for "Allow inheritable auditing entries from parent to
propagate..." was enabled
The folder is shared read-only for Everyone, and full for the security group
I want to audit. Security settings on folder are set as default: Everyone,
full access (inherited from C:\ ).
I made some changes to files in the audited folder. Then I opened Event
Viewer / Security and nothing appears.
After that I remembered I should modify the policies on the PC, to allow
auditing. Then I did the following:
-Opened Domain Controller Security Policy
-Opened Windows Settings/Security Settings/Local Policies/Audit Policy
-Enabled "Audit Object Access" and "Audit Privilege Use" for both success
and failure
Then tested again to make some changes on files on the audited folder and
again nothing was logged.
What I'm missing?
Thanks in advance
Faustino
Facebook
Twitter
Instagram