Solved

How to log denied access in Windows

Posted on 2009-04-05
3
314 Views
Last Modified: 2012-05-06
We want to have the security event viewer log when a user is denied access to a particular folder. For instance we are required to log when unauthorized users try to access the security event viewer log. We also have to log when a user tries to access certain directories they are not allowed to on the server. We have successfully locked them out of this access but a DoD requirement states that we have to log when they even try to access that folder or event viewer. Any ideas on how to do this, especially via group policy? We're in Windows Server 2008. I need this ASAP before our audit this week.

Thanks!
0
Comment
Question by:GCIT_Manager
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24074307
0
 
LVL 3

Expert Comment

by:jcparedes
ID: 24074503
Do it like this:

1.      Open Active Directory Users and Computers. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2.      In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.
3.      Click Properties, and then click the Group Policy tab.
4.      Click Edit to open the Group Policy object (GPO) that you want to edit. You can also click New to create a new GPO, and then click Edit.
5.      In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.
6.      In the details pane, double-click Audit object access.
7.      If you are defining auditing policy settings for this event category for the first time, select the Define these policy settings check box.
8.      Select the Failure check box.


Keep in mind that your Security log would be huge, probably some GB's each day, depending on your network size and use, so save your security log first and then do the changes or you might lose a lot of info.
0
 

Author Comment

by:GCIT_Manager
ID: 24074513
Thanks!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question