Click here to get back home

security auditing on a share
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
security auditing on a share Bryce 03-01-2007
Posted by Bryce on March 1, 2007, 4:13 pm
Please log in for more thread options
 I've set up auditing on a dummy share on a server.

In the Event Viewer, I'm looking under Security logs for signs of access to
that folder and opening of a file in that folder and I don't see anything
even when I access it from a third computer.

What exactly should I be looking for? Where are the logs kept for this
information?

Thanks.



Posted by Roger Abell [MVP] on March 1, 2007, 8:45 pm
Please log in for more thread options
 They show up in the security log as category Object Access events.
There are two things you must do to enable this. One, it sounds you
have done, is set audit SACL in the Security dialog of the NTFS
object, on the Audit tab. The other is to enable auditing of Object
Access for success and/or failure, in the local security policy or
via GPO that sets this.

> I've set up auditing on a dummy share on a server.
>
> In the Event Viewer, I'm looking under Security logs for signs of access
> to that folder and opening of a file in that folder and I don't see
> anything even when I access it from a third computer.
>
> What exactly should I be looking for? Where are the logs kept for this
> information?
>
> Thanks.
>



Posted by Bryce on March 2, 2007, 12:31 pm
Please log in for more thread options
Thank you Roger.

Bryce.

> They show up in the security log as category Object Access events.
> There are two things you must do to enable this. One, it sounds you
> have done, is set audit SACL in the Security dialog of the NTFS
> object, on the Audit tab. The other is to enable auditing of Object
> Access for success and/or failure, in the local security policy or
> via GPO that sets this.
>
>> I've set up auditing on a dummy share on a server.
>>
>> In the Event Viewer, I'm looking under Security logs for signs of access
>> to that folder and opening of a file in that folder and I don't see
>> anything even when I access it from a third computer.
>>
>> What exactly should I be looking for? Where are the logs kept for this
>> information?
>>
>> Thanks.
>>
>
>



Similar ThreadsPosted
Auditing File Share Security February 5, 2007, 3:44 pm
Auditing Security July 22, 2005, 1:21 pm
Auditing Security Events May 10, 2007, 1:54 am
Windows 2003, Domain Controllers & "Manage auditing and security November 1, 2006, 4:43 pm
Share Security Options July 13, 2005, 6:26 am
Folder/Share security question January 7, 2008, 10:17 am
Fastest way to refresh security and share permission July 4, 2006, 7:53 pm
MSIE 7 Requires Browser Security Permissions to Run a Network File Share EXE? November 2, 2006, 11:51 pm
Login Auditing June 17, 2005, 11:05 am
Auditing user OU Changes February 14, 2008, 11:48 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap