Solved

Tracking file/folder access

Posted on 2006-07-24
Last Modified: 2013-12-04
I'd like to track what files/folders a particular user accesses, so I have auditing turned on for the user and the files/folders I want to monitor. However, the only things that show up in the security logs are the 576 event IDs, which do not tell you the files/folders. What am I missing?
Question by:tracknut

Accepted Solution

by:
floorman67 earned 25 total points
ID: 17168479
As explained here, along with all the ID codes (http://www.privacywindows.com/securityfaq/security_systems.html), event 576 is "Special privileges assigned to new logon".

Here is some info you might find useful:
http://www.microsoft.com/technet/archive/winntas/support/usesecur.mspx?mfr=true


There are some third-party applications that can monitor in real time, like Filemon:
http://www.sysinternals.com/Utilities/Filemon.html

Author Comment

by:tracknut
ID: 17170553
Thanks... I have a user I'd like to track what folders they are accessing. Any applications that will track this and report on what they accessed?

Assisted Solution

by:beechfielder
beechfielder earned 25 total points
ID: 17205307
Event ID 560 tells you who opened the file, the name of the file, and what kind of access. 567 is connected and should tell you the permissions in use. Look before the 567 event for a 560.

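The lookup described in the answer above (find the 560 that precedes a 567), as an added example that is not part of the original thread. The records are constructed, their field names are assumptions modelled on the event descriptions, and event 562 (handle closed) is used in addition to the two IDs named in the answer.

```python
# Constructed sample records (not real log data). Field names are assumptions
# modelled on the Security-log descriptions of events 560, 567 and 562.
SAMPLE_EVENTS = [
    {"id": 576, "user": "jdoe"},  # logon privilege event: carries no file name
    {"id": 560, "pid": 1480, "handle": 2012, "user": "jdoe",
     "object": r"D:\Shares\Finance\budget.xls", "accesses": ["ReadData", "WriteData"]},
    {"id": 560, "pid": 1480, "handle": 2040, "user": "asmith",
     "object": r"D:\Shares\HR\reviews.doc", "accesses": ["ReadData"]},
    {"id": 567, "pid": 1480, "handle": 2012, "access": "WriteData"},
    {"id": 567, "pid": 1480, "handle": 2040, "access": "ReadData"},
    {"id": 562, "pid": 1480, "handle": 2012},
    {"id": 560, "pid": 1480, "handle": 2012, "user": "jdoe",
     "object": r"D:\Shares\Finance\payroll.xls", "accesses": ["ReadData"]},
    {"id": 567, "pid": 1480, "handle": 2012, "access": "ReadData"},
    {"id": 567, "pid": 900, "handle": 77, "access": "ReadData"},  # its 560 is missing
]


def correlate(events, user=None):
    """Pair each 567 with the 560 that precedes it for the same process/handle.

    Returns (user, object, access) tuples. A 567 with no earlier 560 in the
    input is reported with user and object set to None rather than dropped.
    """
    open_handles = {}   # (pid, handle) -> the 560 record that opened it
    results = []
    for ev in events:                      # events must be in log order
        key = (ev.get("pid"), ev.get("handle"))
        if ev["id"] == 560:
            open_handles[key] = ev         # a reused handle replaces the old open
        elif ev["id"] == 562:
            open_handles.pop(key, None)    # handle closed
        elif ev["id"] == 567:
            opened = open_handles.get(key)
            who = opened["user"] if opened else None
            obj = opened["object"] if opened else None
            if user is None or who == user:
                results.append((who, obj, ev["access"]))
    return results


def files_touched(events, user):
    """Distinct objects the given user actually accessed, in first-seen order."""
    seen = []
    for _, obj, _ in correlate(events, user):
        if obj not in seen:
            seen.append(obj)
    return seen
```

Calling `correlate(SAMPLE_EVENTS)` without a user also returns the orphaned 567, which is a sign that the log window being analysed starts after the matching 560.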