Solved

Audit Specific Folders on Windows 2003 Server

Posted on 2007-03-21
2
362 Views
Last Modified: 2009-08-19
Here are the facts:

I have a server that holds a ton of information that is accessed by 5000 employees
I want to audit object access on one folder, and one folder only

I have seen a lot of information on this subject and they all say the same thing:

Step One - Go to the group policy editor and turn on successful events for Audit Object Access
and
Step Two - Go to the folder I want to audit and add the group or users I want to audit,  then select the "actions" you want to audit

I have already learned that doing step two without step one produces zero results. HERE IS THE REAL QUESTION. If I do step one, but dont define a folder to audit, will it start filling up my security log with stuff, OR, Is step two required to get any results at all.

Thanks in advanve for your help.

0
Comment
Question by:phishyman2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 18767529
step two is required...... you have to have both configured or nothing will work
0
 

Expert Comment

by:zorba111
ID: 25137072
NO !!

If you do step 1 on its own, you get a whole load of access events by default for things you haven't even told the system you want to monitor !!

I  think that a lot of things like the registry and system folders log acces events as soon as a GPO enables a "Object Access Policy".
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question