|
Posted by Leuchtflux on December 21, 2006, 8:31 am
Please log in for more thread options Users cannot modify AD ACLs. But if you want to check their ACLs they
have on their computers, you can use some tool that allows remotely
manipulating with security such as Scriptlogic's Security Explorer
(http://scriptlogic.com/securityexplorer).
Jacky wrote:
> Hello
>
> Thanks for your help. If I want to audit the user permission. Which user
> logon and change the Active Directory's setting, like user permission, file
> permission.
> These auditing program can hekp me to monitor it?
>
> Thanks
>
> "Hakan GOKCOL" wrote:
>
> > You'll need to enable auditing for successful object access events on the
> > servers on which the folders reside, and you'll need to enable auditing on
> > the folders you want to monitor. To enable auditing for successful object
> > access events, you can either use an existing Group Policy Object (GPO)
> > that's applied to your file servers or, if you don't already control
> > auditing through Group Policy, you can enable it in each server's Local
> > Computer Policy. Either way, set the Audit object access policy under Local
> > Computer Policy\Computer Configuration\Windows Settings\Security
> > Settings\Local Policies\Audit Policy (in Group Policy Editor-GPE) to a
> > Security Setting of Success.
> >
> > To enable auditing on a folder, open the folder's properties dialog box,
> > select the Security tab, click Advanced, and select the Auditing tab of the
> > Advanced Security Settings window. Be careful which permissions you enable
> > for auditing because you can easily fill up your log with access events. In
> > your case, you want to monitor only for successful uses of the permission
> > that lets a user change an object's ACL-the Change permissions permission.
> > Shows that I've enabled auditing of successful Change permissions events on
> > the DeptFiles folder. I've also specified Everyone as the name of the audit
> > entry because I want to audit everyone. . . .
> >
> > Hakan GOKCOL
> >
> >
> > > Hello,
> > >
> > > I change the audit policy, all were success in security setting.
> > > In event viewer, it shows the success audiot in security option.
> > > But the description was too simple.
> > >
> > > For example, If any user change the any user's file permission. Any method
> > > can display the username, time, which item change(specific detail) in
> > > description.
> > >
> > > Thanks
> >
| 
XML Sitemap