?
Solved

How to log denied access in Windows

Posted on 2009-04-05
3
Medium Priority
?
319 Views
Last Modified: 2012-05-06
We want to have the security event viewer log when a user is denied access to a particular folder. For instance we are required to log when unauthorized users try to access the security event viewer log. We also have to log when a user tries to access certain directories they are not allowed to on the server. We have successfully locked them out of this access but a DoD requirement states that we have to log when they even try to access that folder or event viewer. Any ideas on how to do this, especially via group policy? We're in Windows Server 2008. I need this ASAP before our audit this week.

Thanks!
0
Comment
Question by:GCIT_Manager
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 24074307
0
 
LVL 3

Expert Comment

by:jcparedes
ID: 24074503
Do it like this:

1.      Open Active Directory Users and Computers. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2.      In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.
3.      Click Properties, and then click the Group Policy tab.
4.      Click Edit to open the Group Policy object (GPO) that you want to edit. You can also click New to create a new GPO, and then click Edit.
5.      In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.
6.      In the details pane, double-click Audit object access.
7.      If you are defining auditing policy settings for this event category for the first time, select the Define these policy settings check box.
8.      Select the Failure check box.


Keep in mind that your Security log would be huge, probably some GB's each day, depending on your network size and use, so save your security log first and then do the changes or you might lose a lot of info.
0
 

Author Comment

by:GCIT_Manager
ID: 24074513
Thanks!
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question