|
Posted by Roger Abell [MVP] on May 19, 2006, 9:12 am
Please log in for more thread options
To get audit information logged about NTFS objects you need to
both enable auditing of object access and also set the SACL (the
Audit tab in the NTFS security dialog) on what should be subjected
to the auditing. This SACL states what actions should trigger an
audit record being cut, which in your scenario would be success
for the permission to change permissions.
>I would like to get notified, or at least have a reasonable logfile of
> changes in the access rights on a Win2003 file share.
>
> As far as I see it, the Event Log does not do what I like. If I set the
> server to monitor the access right, I can see that something happened,
> but I do not see what has been changed. Also, the Event Log and all the
> tools that use it show way too much information.
>
> What I need is a report that looks like this (Looks better with fixed
> width font):
> USER OBJECT TIMESTAMP
> NEW ACCESS RIGHTS
> ------------ ------------------------ -------------------
> --------------------------------------------------------------------
>
> mydomain\mrx d:\netshare\dir01 2006-05-18-08:10:10
> read, write for all domain users, full access for mydomain\mry, read
> for guests
>
> mydomain\mry d:\netshare\dir02\file01 2006-05-18-08:10:10
> read, write for all domain users, read for guests
>
> Is there any way I can Windows persuade to do this?
> Are there maybe Tools which can perform this Task?
>
> Thanx a lot in advance!
>
| 
XML Sitemap