Click here to get back home

Auditing folders that users dont have permissions to
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Auditing folders that users dont have permissions to ChrisW 07-25-2006
Posted by ChrisW on July 25, 2006, 12:36 pm
Please log in for more thread options
 Hello,

We want to log users who try to write to folders that they do not have
permissions to. We have enabled logging under Local Policies, Audit
Policies. Its not working tho.

For example, say there is a folder on the C:\ that users do not have
permissions to write to. Run a DOS command to write a file.

C:\>Dir *.* > C:\Secure\test.txt
Access is denied.

DOS says that access is denied and nothing gets written to the Security
event log. Is there something else that needs to be enabled or set?

Thanks,

ChrisW


Posted by Casper van Eersel on July 25, 2006, 1:12 pm
Please log in for more thread options
 Yes, there is. Auditing needs to be enabled on the folder which you want to
have audited. To do this:

Rightclick the folder -> Properties -> Security -> Advanced -> Auditing
tab -> Add...

Enable the settings you want to enable, and you should be ready to go.

Casper.



> Hello,
>
> We want to log users who try to write to folders that they do not have
> permissions to. We have enabled logging under Local Policies, Audit
> Policies. Its not working tho.
>
> For example, say there is a folder on the C:\ that users do not have
> permissions to write to. Run a DOS command to write a file.
>
> C:\>Dir *.* > C:\Secure\test.txt
> Access is denied.
>
> DOS says that access is denied and nothing gets written to the Security
> event log. Is there something else that needs to be enabled or set?
>
> Thanks,
>
> ChrisW
>



Posted by ChrisW on July 25, 2006, 1:30 pm
Please log in for more thread options
Casper van Eersel wrote:
> Rightclick the folder -> Properties -> Security -> Advanced -> Auditing
> tab -> Add...

Got it. Did as you suggested and it works! Thanks.

ChrisW


Posted by Steven L Umbach on July 25, 2006, 1:52 pm
Please log in for more thread options
You need to enable auditing of object access for failure and then audit the
folder for the specific permission you want to track which in your case
would be failed write. You will find that the free tool from Microsoft
called Event Comb greatly helps in tracking down object access events by
allowing you to search for specific events and text strings such as file
name and permission.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;301640 ---
folder/file auditing

> Hello,
>
> We want to log users who try to write to folders that they do not have
> permissions to. We have enabled logging under Local Policies, Audit
> Policies. Its not working tho.
>
> For example, say there is a folder on the C:\ that users do not have
> permissions to write to. Run a DOS command to write a file.
>
> C:\>Dir *.* > C:\Secure\test.txt
> Access is denied.
>
> DOS says that access is denied and nothing gets written to the Security
> event log. Is there something else that needs to be enabled or set?
>
> Thanks,
>
> ChrisW
>



Similar ThreadsPosted
Folders and permissions September 29, 2005, 5:35 pm
Audit Failures from users searching folders!! October 5, 2007, 5:37 pm
User folders permissions. June 7, 2007, 3:40 pm
Pulling out users different EFFECTIVE access rights to folders? June 29, 2005, 5:15 am
Folders loosing inherited permissions (win 2k3 sp1) July 12, 2006, 2:46 pm
Share file, but dont allow copy May 15, 2006, 1:05 pm
Is there any utility to recursively delete unknown SIDs from permissions on files/folders? November 3, 2005, 10:17 am
Tool/script to walk thru all folders/shares and identify non-inherited permissions January 5, 2007, 4:28 pm
Script to List all users permissions November 28, 2005, 8:13 am
Granting Users Ownership Permissions September 10, 2006, 12:04 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap