Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Auditing Files & Folders using Create Files/Write Data

Posted on 2006-06-28
5
Medium Priority
?
424 Views
Last Modified: 2010-04-13
I set up file and folder auditing for a folder by putting a check mark next to Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete under Successful Column for the Everyone Group. Auditing is working fine, Event ID 564 (Object Deleted) is showing up in the Security log when someone deletes a file inside the folder. My question is what Event ID is triggered and that I should look for in the Security Log when someone creates a file or a folder inside the folder that I'm auditing?
0
Comment
Question by:jkelley53
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
davidsummers earned 500 total points
ID: 17006955
http://support.microsoft.com/?id=299475

This has all the common events for this range
0
 
LVL 1

Author Comment

by:jkelley53
ID: 17010536

Thanks for your comment David! That's very helpful. Now, how come I'm only seeing 3 events in the Security Log that is associated with the folder that I'm auditing? Event ID 560 (Object Open), Event ID 562 (Handle Close), Event ID 564 (Object Deleted). How can I tell the difference if someone opens a file and change the file from someone created a new file in that folder? Looks like the same event is being log, event 560 and 562, when someone opens and edit a file and when someone creates a new file. Same event is also triggered followed by 564 when a file is deleted.
0
 
LVL 1

Expert Comment

by:davidsummers
ID: 17014070
It would be. You would not see an event for file modification, only File open
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The number of companies understanding the potential of IoT on B2B market is growing with each day. And yet only a small share of IoT developers have managed to equalize incomes and stay competitive in the international market.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question