Solved

Notification in change of ownership

Posted on 2009-03-30
Last Modified: 2013-11-05
I have a network where we have two domain admins - one of them has full access to all files, while the other does not need to be able to see all documents.  We do trust that other person, however, for legal reasons, we need some sort of "firmer differentiation".  Right now domain admins don't have access to any of the secured folders - however, I know that as a domain admin they can easily just take over ownership of a whole folder & then have access to it.  It may be months before I would even know that happens as I do not actively check that.  That said, I am looking to see if there is any application that can be added to a file server that notifies me when any ownership or permissions are changed?  (preferably via email or some other traceable method).  This would also help me in documenting changes to share permissions.

Along those same lines, are there any applications out there that can look at a single share (or better yet a full drive on a server) & then do a diagram of the permissions that are on each folder?  I need to work on building a permissions map for my disaster recovery & it would be a lot easier than going through on each folder.

Thanks ahead of time for your help.
Question by:rustyrpage
5 Comments
 

Accepted Solution

by: mrmarkfury
mrmarkfury earned 250 total points
ID: 24024458
You can use auditing on the file server to log changes in permissions:

Go to the file server, go to Administrative tools->local security policy
Go to security settings->local policies->audit policy->and double-click "Audit object access"
Under Audit these attempts, check "Success" and click ok.

Then, go to Windows Explorer, Right click the share, and go to the security tab and click advanced.
Go to the auditing tab, add the Domain admins group.
Edit the Domain Admins group's auditing policy and check "change permissions" and "take ownership" under the success tab.  Make sure "Apply onto" is set to "This folder, subfolders, and files".
Click OK

This will log any changes in the permissions, or take ownership, to the file server's Event Log. To view, click Run, and enter eventvwr. The entries will be underneath Security.

Hope that helps

0
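The accepted answer's three steps, scripted for several file servers at once. This is an added example, not code from the thread or its posters. It assumes PowerShell remoting to each server, an elevated account, and Server 2008 or later event IDs; the server names, folder path and domain are placeholders.

```powershell
# Added example. Server names, folder path and domain are placeholders.
param(
    [string[]]$Servers   = @('FS01', 'FS02'),
    [string]  $Folder    = 'D:\Shares\Secured',
    [string]  $Principal = 'EXAMPLE\Domain Admins',
    [datetime]$Since     = (Get-Date).AddDays(-1)
)

# Steps 1 and 2 of the answer, run elevated on each file server.
$configure = {
    param($Folder, $Principal)
    # "Audit object access" -> Success
    auditpol.exe /set /category:"Object Access" /success:enable | Out-Null
    # SACL entry: Change permissions + Take ownership, Success,
    # applied to this folder, subfolders and files
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Principal,
        [System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl = Get-Acl -Path $Folder -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Folder -AclObject $acl
}

# Step 3: pull the resulting Security log entries instead of browsing eventvwr.
# Assumption: Server 2008 or later, where 4670 records a permission change and
# 4663 records an audited access; WRITE_DAC is 0x40000, WRITE_OWNER is 0x80000.
$collect = {
    param($Since)
    $filter = @{ LogName = 'Security'; Id = 4663, 4670; StartTime = $Since }
    foreach ($e in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        $d = @{}
        ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        $mask = if ($d.AccessMask) { [Convert]::ToInt32($d.AccessMask, 16) } else { 0 }
        # Keep file objects only: 4670 is also logged for other object types.
        if ($d.ObjectType -eq 'File' -and ($e.Id -eq 4670 -or ($mask -band 0xC0000))) {
            New-Object psobject -Property @{
                Time = $e.TimeCreated; EventId = $e.Id
                User = $d.SubjectUserName; Object = $d.ObjectName }
        }
    }
}

Invoke-Command -ComputerName $Servers -ScriptBlock $configure -ArgumentList $Folder, $Principal
Invoke-Command -ComputerName $Servers -ScriptBlock $collect -ArgumentList $Since |
    Sort-Object Time | Format-Table PSComputerName, Time, EventId, User, Object -AutoSize
```

Run as a scheduled task, the collection half gives a daily list of who changed permissions or took ownership on which path.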
 

Expert Comment

by:mrmarkfury
ID: 24024466
Also, this may be able to help for the NTFS mapping:
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

Author Comment

by:rustyrpage
ID: 24024499
The key would be to make it as automatic as possible - we have 20+ file servers that I would have to do this on, so an email would be ideal.

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 24025056
Auditing of "privileged use" will enable you to monitor changes of ownership - nothing automatic though, I'm afraid - but you can use EventCombMT to look for audit events across servers: http://support.microsoft.com/kb/824209

If you want something to document the permissions, try DumpSec: http://www.systemtools.com/free.htm

There are also some MS tools that might help; see http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx

Author Comment

by:rustyrpage
ID: 24030607
Thanks - that should get me going for the time being - I appreciate it!