We help IT Professionals succeed at work.

Trace NTFS File/Folder Permissions Modification

Medium Priority
Last Modified: 2013-12-05
Is there any way natively in 2000/2003 server to audit which user modified NTFS permissions on a folder? I don't think there is, but thought I'd ask as we've just had an e-mail go around at work that an unauthorised modification has been made to permissions on the root level of a server data drive.....
Watch Question

Most Valuable Expert 2019
Most Valuable Expert 2018
You can audit anything you can change for a file. Just don't get carried away and start to audit all events in a large folder from the top down, this will bring down the best of file servers (and fill the security event log pretty quickly) ...
How to set up and manage operation-based auditing for Windows Server 2003, Enterprise Edition
You just can't do that retroactively; if auditing wasn't enabled during the change, then you can't find the culprit now.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Stuart OramIT Technical Lead (Project Sites)


Thanks - Haven't made in depth use of the security log so wasn't sure quite what events it was capable of logging!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.