Learn how to a build a cloud-first strategyRegister Now


Trace NTFS File/Folder Permissions Modification

Posted on 2009-02-10
Medium Priority
Last Modified: 2013-12-05
Is there any way natively in 2000/2003 server to audit which user modified NTFS permissions on a folder? I don't think there is, but thought I'd ask as we've just had an e-mail go around at work that an unauthorised modification has been made to permissions on the root level of a server data drive.....
Question by:Stuart Oram
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 23604986
You can audit anything you can change for a file. Just don't get carried away and start to audit all events in a large folder from the top down, this will bring down the best of file servers (and fill the security event log pretty quickly) ...
How to set up and manage operation-based auditing for Windows Server 2003, Enterprise Edition
You just can't do that retroactively; if auditing wasn't enabled during the change, then you can't find the culprit now.

Author Closing Comment

by:Stuart Oram
ID: 31545272
Thanks - Haven't made in depth use of the security log so wasn't sure quite what events it was capable of logging!

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question