|
Posted by Roger Abell [MVP] on November 7, 2006, 9:12 am
Please log in for more thread options
Basically you need to run a process (your script, third-party tool, etc.)
over all of the storage and examine the NTFS Audit SACL.
My own approach would be to integrate the server by setting it to
the defined standards in use. That is, after becoming familiar with the
storage structure, there would be a statement of how it should be set
for share level and NTFS level permissions, and of whether any of
the areas in the store should be auditied and for what kind of access.
The storage would then be brought under known NTFS (and share level)
control. The shorter form of this, addressing your issue, would be to
go into the NTFS settings at the root and clear the Auditing and have
that auditing setting propagate to all substructure (be careful here so
that you do not also propagate the non-audit, normal grants).
> We acquired a server from another depertament that has some files and
> folders
> audited.
> We want to know how to retrieve the list of the files and folders audited
> as
> we have no document that specify where they are.
> Looking file by file is NOT a solution as we have hundred of folders and
> thousand of files where auditing have been applied.
> Did not find any trace in registry.
> Any idea?
> Thanks
| 
XML Sitemap