Solved

Auditing Files & Folders using Create Files/Write Data

Posted on 2006-06-28
5
411 Views
Last Modified: 2010-04-13
I set up file and folder auditing for a folder by putting a check mark next to Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete under Successful Column for the Everyone Group. Auditing is working fine, Event ID 564 (Object Deleted) is showing up in the Security log when someone deletes a file inside the folder. My question is what Event ID is triggered and that I should look for in the Security Log when someone creates a file or a folder inside the folder that I'm auditing?
0
Comment
Question by:jkelley53
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
davidsummers earned 125 total points
ID: 17006955
http://support.microsoft.com/?id=299475

This has all the common events for this range
0
 
LVL 1

Author Comment

by:jkelley53
ID: 17010536

Thanks for your comment David! That's very helpful. Now, how come I'm only seeing 3 events in the Security Log that is associated with the folder that I'm auditing? Event ID 560 (Object Open), Event ID 562 (Handle Close), Event ID 564 (Object Deleted). How can I tell the difference if someone opens a file and change the file from someone created a new file in that folder? Looks like the same event is being log, event 560 and 562, when someone opens and edit a file and when someone creates a new file. Same event is also triggered followed by 564 when a file is deleted.
0
 
LVL 1

Expert Comment

by:davidsummers
ID: 17014070
It would be. You would not see an event for file modification, only File open
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2000 Sever Lab Setup 1 664
Trust between Windows Domains 2000/2003 and Windows 2012-R2 2 186
windows 2000 image 3 124
Building AD from Scratch 5 106
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
A short film showing how OnPage and Connectwise integration works.
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now