Improve company productivity with a Business Account.Sign Up

x
?
Solved

Auditing Files & Folders using Create Files/Write Data

Posted on 2006-06-28
5
Medium Priority
?
429 Views
Last Modified: 2010-04-13
I set up file and folder auditing for a folder by putting a check mark next to Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete under Successful Column for the Everyone Group. Auditing is working fine, Event ID 564 (Object Deleted) is showing up in the Security log when someone deletes a file inside the folder. My question is what Event ID is triggered and that I should look for in the Security Log when someone creates a file or a folder inside the folder that I'm auditing?
0
Comment
Question by:jkelley53
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
davidsummers earned 500 total points
ID: 17006955
http://support.microsoft.com/?id=299475

This has all the common events for this range
0
 
LVL 1

Author Comment

by:jkelley53
ID: 17010536

Thanks for your comment David! That's very helpful. Now, how come I'm only seeing 3 events in the Security Log that is associated with the folder that I'm auditing? Event ID 560 (Object Open), Event ID 562 (Handle Close), Event ID 564 (Object Deleted). How can I tell the difference if someone opens a file and change the file from someone created a new file in that folder? Looks like the same event is being log, event 560 and 562, when someone opens and edit a file and when someone creates a new file. Same event is also triggered followed by 564 when a file is deleted.
0
 
LVL 1

Expert Comment

by:davidsummers
ID: 17014070
It would be. You would not see an event for file modification, only File open
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
One day, as you try to send an email from your SharePoint account, an error message appears saying: “E-mail Message Cannot be Sent.” You may have outgoing email settings misconfigured.
Watch the video of Kernel Migrator for SharePoint, which demonstrate the process easily of migration from SharePoint to SharePoint, OneDrive for Business & Google Drive servers, Public Folder to SharePoint, File Server to SharePoint. The tool has va…
Did you know PowerShell can save you time with SaaS platforms? Simply leverage RESTfulAPIs to build your own PowerShell modules. These will kill repetitive tickets and tabs, using the command Invoke-RestMethod. Tune into this webinar to learn how…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question