Solved

Tracking file/folder access

Posted on 2006-07-24
5
1,298 Views
Last Modified: 2013-12-04
I'd like to track what files/folders a particular user accesses so I have auditing turned on for the user & files/folders I want to monitor. However, the only thing that shows up in the security logs are the 576 event id's which do not tell you the files/folders. What am I missing....
0
Comment
Question by:tracknut
5 Comments
 
LVL 5

Accepted Solution

by:
floorman67 earned 25 total points
Comment Utility
as explained here as well as all ID codes, http://www.privacywindows.com/securityfaq/security_systems.html , event 576 is "Special privileges assigned to new logon".

here is some infor you might find useful
http://www.microsoft.com/technet/archive/winntas/support/usesecur.mspx?mfr=true


there are some 3rd party applications that can monitor in real time like filemon
http://www.sysinternals.com/Utilities/Filemon.html
0
 

Author Comment

by:tracknut
Comment Utility
thanks...I have a user I'd like to track what folders they are accessing. Any applications that will track this and report on what they accessed?
0
 
LVL 5

Assisted Solution

by:beechfielder
beechfielder earned 25 total points
Comment Utility
Event ID 560 tells you who opened the file, the name of the file, and what kind of access.   567 is connected and should tell you the permissions in use.  Look before the 567 event for a 560.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now