Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Tracking file/folder access

Posted on 2006-07-24
5
Medium Priority
?
1,307 Views
Last Modified: 2013-12-04
I'd like to track what files/folders a particular user accesses so I have auditing turned on for the user & files/folders I want to monitor. However, the only thing that shows up in the security logs are the 576 event id's which do not tell you the files/folders. What am I missing....
0
Comment
Question by:tracknut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Accepted Solution

by:
floorman67 earned 100 total points
ID: 17168479
as explained here as well as all ID codes, http://www.privacywindows.com/securityfaq/security_systems.html , event 576 is "Special privileges assigned to new logon".

here is some infor you might find useful
http://www.microsoft.com/technet/archive/winntas/support/usesecur.mspx?mfr=true


there are some 3rd party applications that can monitor in real time like filemon
http://www.sysinternals.com/Utilities/Filemon.html
0
 

Author Comment

by:tracknut
ID: 17170553
thanks...I have a user I'd like to track what folders they are accessing. Any applications that will track this and report on what they accessed?
0
 
LVL 5

Assisted Solution

by:beechfielder
beechfielder earned 100 total points
ID: 17205307
Event ID 560 tells you who opened the file, the name of the file, and what kind of access.   567 is connected and should tell you the permissions in use.  Look before the 567 event for a 560.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question