Solved

Notification in change of ownership

Posted on 2009-03-30
5
260 Views
Last Modified: 2013-11-05
I have a network where we have two domain admins - one of them has full access to all files, while the other does not need to be able to see all documents.  We do trust that other person, however, for legal reasons, we need some sort of "firmer differentiation".  Right now domain admins don't have access to any of the secured folders - however, I know that as a domain admin they can easily just take over ownership of a whole folder & then have access to it.  It may be months before I would even know that happens as I do not actively check that.  That said, I am looking to see if there is any application that can be added to a file server that notifies me when any ownership or permissions are changed?  (preferably via email or some other traceable method).  This would also help me in documenting changes to share permissions.

Along those same lines, are there any applications out there that can look at a single share (or better yet a full drive on a server) & then do a diagram of the permissions that are on each folder?  I need to work on building a permissions map for my disaster recovery & it would be a lot easier than going through on each folder.

Thanks ahead of time for your help.
Question by:rustyrpage
5 Comments
 
LVL 5

Accepted Solution

by:
mrmarkfury earned 250 total points
ID: 24024458
You can use auditing on the file server to log changes in permissions:

Go to the file server, go to Administrative Tools->Local Security Policy
Go to Security Settings->Local Policies->Audit Policy and double-click "Audit object access"
Under "Audit these attempts", check "Success" and click OK.

Then, go to Windows Explorer, right-click the share, go to the Security tab and click Advanced.
Go to the Auditing tab, add the Domain Admins group.
Edit the Domain Admins group's auditing policy and check "Change permissions" and "Take ownership" under the Success tab.  Make sure "Apply onto" is set to "This folder, subfolders, and files".
Click OK

This will log any changes in the permissions, or take ownership, to the file server's Event Log. To view, click Run, and enter eventvwr. The entries will be underneath Security

Hope that helps

0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24024466
Also, this may be able to help for the NTFS mapping:
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx
0
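
A scripted permissions map for one share, as an added example that is not part of the original thread and is not code from any of the linked tools. It records the owner and ACL at the root and, below it, only folders whose owner or permissions differ from the parent; the root path `D:\Shares` and the output file name are placeholders.

```powershell
function Get-PermissionMap {
    param([Parameter(Mandatory)] [string] $Root)
    $rootItem = Get-Item -LiteralPath $Root
    $owners   = @{}   # folder path -> owner, used to compare each folder with its parent
    $folders  = @($rootItem) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        $path = $folder.FullName
        try { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
        catch {
            # A folder the scanning account cannot read still belongs in the map
            [pscustomobject]@{ Path = $path; Owner = 'UNREADABLE'; InheritanceBlocked = $null
                               Identity = $null; Rights = $null; Type = $null }
            continue
        }
        $owners[$path] = $acl.Owner
        $isRoot = $path -eq $rootItem.FullName
        $parent = [System.IO.Path]::GetDirectoryName($path)
        $ownerChanged = -not $isRoot -and $owners.ContainsKey($parent) -and $owners[$parent] -ne $acl.Owner
        # Below the root, inherited entries only repeat the parent, so keep the explicit ones
        $aces = @($acl.Access | Where-Object { $isRoot -or -not $_.IsInherited })
        if (-not ($isRoot -or $ownerChanged -or $aces.Count -gt 0 -or $acl.AreAccessRulesProtected)) { continue }
        if ($aces.Count -eq 0) { $aces = @($null) }   # one row for an owner-only or inheritance-only difference
        foreach ($ace in $aces) {
            [pscustomobject]@{
                Path = $path; Owner = $acl.Owner; InheritanceBlocked = $acl.AreAccessRulesProtected
                Identity = $ace.IdentityReference; Rights = $ace.FileSystemRights; Type = $ace.AccessControlType
            }
        }
    }
}

# Placeholder root and output file; run with an account that can read the ACLs
Get-PermissionMap -Root 'D:\Shares' | Export-Csv -Path '.\permission-map.csv' -NoTypeInformation
```

Keeping dated copies of the CSV and comparing them with `Compare-Object` shows owner or permission drift between runs.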
 
LVL 6

Author Comment

by:rustyrpage
ID: 24024499
The key would be to make it as automatic as possible - we have 20+ file servers that I would have to do this on, so an email would be ideal.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 24025056
Auditing of "privileged use" will enable you to monitor changes of ownership - nothing automatic though I'm afraid - but you can use EventCombMT to look for audit events across servers http://support.microsoft.com/kb/824209

If you want something to document the permissions try DumpSec http://www.systemtools.com/free.htm

There are also some MS tools that might help see http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx
0
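
A scheduled sweep for the events that the folder auditing from the accepted solution produces, collected from several servers and mailed out, as an added example that is not part of the original thread. It assumes Windows Server 2008 or later, where these events are logged as IDs 4663 and 4670 (older systems log different IDs); the server names, SMTP host and mail addresses are placeholders.

```powershell
$Servers     = 'FS01', 'FS02'            # placeholder file server names
$Since       = (Get-Date).AddHours(-1)   # window matches an hourly scheduled task
$WRITE_DAC   = 0x40000                   # access right behind "Change permissions"
$WRITE_OWNER = 0x80000                   # access right behind "Take ownership"

function Get-AclChangeEvent {
    param([string[]] $ComputerName, [datetime] $StartTime)
    foreach ($server in $ComputerName) {
        $filter = @{ LogName = 'Security'; Id = 4663, 4670; StartTime = $StartTime }
        try {
            $events = Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # "No matching events" is normal; an unreachable server must not pass as "no changes"
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "$server : $($_.Exception.Message)"
            }
            continue
        }
        foreach ($e in $events) {
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['ObjectType'] -ne 'File') { continue }    # skip registry keys, tokens, etc.
            $action = 'Permissions changed'                     # 4670 always reports a permission change
            if ($e.Id -eq 4663) {
                $mask = [Convert]::ToInt32($data['AccessMask'], 16)
                if     ($mask -band $WRITE_OWNER) { $action = 'Take ownership' }
                elseif ($mask -band $WRITE_DAC)   { $action = 'Change permissions' }
                else   { continue }                             # ordinary read/write access
            }
            [pscustomobject]@{
                Time = $e.TimeCreated; Server = $server; Action = $action
                User = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Path = $data['ObjectName']
            }
        }
    }
}

$hits = @(Get-AclChangeEvent -ComputerName $Servers -StartTime $Since)
if ($hits.Count -gt 0) {
    $body = $hits | Sort-Object Time | Format-Table -AutoSize | Out-String -Width 200
    Send-MailMessage -To 'admin@example.com' -From 'audit@example.com' -SmtpServer 'smtp.example.com' `
        -Subject "$($hits.Count) ownership/permission changes" -Body $body
}
```

Because a domain admin can also clear the Security log on a server they manage, run the sweep from a host and account the audited admin does not control, and treat event 1102 (audit log cleared) as an alert in its own right.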
 
LVL 6

Author Comment

by:rustyrpage
ID: 24030607
Thanks - that should get me going for the time being - I appreciate it!
0
