|
Posted by colincraig on October 2, 2007, 11:51 am
Please log in for more thread options
I'm running a windows 2003 domain. I have turned on Object access
success, failure on in Active directory. I'm auditing my main file
server for failure attempts on "list folders / read data". I'm getting
a lot of failure attempts showing up from users accessing folders and
file that the have access to and in some cases are the owners of. The
users get no access denied messages and they can access the files. If
you look at the access section of the log it appears that they have
complete access. However its getting logged as follows:
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 18/08/2007
Time: 7:46:25 PM
User: DOMAIN\username
Computer: fileSERVER
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: D:\Fire Data\Bulletins\Response Book copy 2.xls
Handle ID: -
Operation ID:
Process ID: 4
Image File Name:
Primary User Name: FileSERVER
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: username
Client Domain: DOMAIN
Client Logon ID: (0x0,0x5B1CBD)
Accesses: DELETE
READ_CONTROL
ACCESS_SYS_SEC
ReadData (or ListDirectory)
ReadEA
ReadAttributes
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x1030089
If someone can help me!! I've checked everywhere, I
| 
XML Sitemap