Solved

Auditing Files & Folders using Create Files/Write Data

Posted on 2006-06-28
5
416 Views
Last Modified: 2010-04-13
I set up file and folder auditing for a folder by putting a check mark next to Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete under Successful Column for the Everyone Group. Auditing is working fine, Event ID 564 (Object Deleted) is showing up in the Security log when someone deletes a file inside the folder. My question is what Event ID is triggered and that I should look for in the Security Log when someone creates a file or a folder inside the folder that I'm auditing?
0
Comment
Question by:jkelley53
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
davidsummers earned 125 total points
ID: 17006955
http://support.microsoft.com/?id=299475

This has all the common events for this range
0
 
LVL 1

Author Comment

by:jkelley53
ID: 17010536

Thanks for your comment David! That's very helpful. Now, how come I'm only seeing 3 events in the Security Log that is associated with the folder that I'm auditing? Event ID 560 (Object Open), Event ID 562 (Handle Close), Event ID 564 (Object Deleted). How can I tell the difference if someone opens a file and change the file from someone created a new file in that folder? Looks like the same event is being log, event 560 and 562, when someone opens and edit a file and when someone creates a new file. Same event is also triggered followed by 564 when a file is deleted.
0
 
LVL 1

Expert Comment

by:davidsummers
ID: 17014070
It would be. You would not see an event for file modification, only File open
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Check out this step-by-step guide for asking an anonymous question on Experts Exchange.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question