Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to log denied access in Windows

Posted on 2009-04-05
3
Medium Priority
?
318 Views
Last Modified: 2012-05-06
We want to have the security event viewer log when a user is denied access to a particular folder. For instance we are required to log when unauthorized users try to access the security event viewer log. We also have to log when a user tries to access certain directories they are not allowed to on the server. We have successfully locked them out of this access but a DoD requirement states that we have to log when they even try to access that folder or event viewer. Any ideas on how to do this, especially via group policy? We're in Windows Server 2008. I need this ASAP before our audit this week.

Thanks!
0
Comment
Question by:GCIT_Manager
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 24074307
0
 
LVL 3

Expert Comment

by:jcparedes
ID: 24074503
Do it like this:

1.      Open Active Directory Users and Computers. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2.      In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.
3.      Click Properties, and then click the Group Policy tab.
4.      Click Edit to open the Group Policy object (GPO) that you want to edit. You can also click New to create a new GPO, and then click Edit.
5.      In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.
6.      In the details pane, double-click Audit object access.
7.      If you are defining auditing policy settings for this event category for the first time, select the Define these policy settings check box.
8.      Select the Failure check box.


Keep in mind that your Security log would be huge, probably some GB's each day, depending on your network size and use, so save your security log first and then do the changes or you might lose a lot of info.
0
 

Author Comment

by:GCIT_Manager
ID: 24074513
Thanks!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question