?
Solved

How to log denied access in Windows

Posted on 2009-04-05
3
Medium Priority
?
316 Views
Last Modified: 2012-05-06
We want to have the security event viewer log when a user is denied access to a particular folder. For instance we are required to log when unauthorized users try to access the security event viewer log. We also have to log when a user tries to access certain directories they are not allowed to on the server. We have successfully locked them out of this access but a DoD requirement states that we have to log when they even try to access that folder or event viewer. Any ideas on how to do this, especially via group policy? We're in Windows Server 2008. I need this ASAP before our audit this week.

Thanks!
0
Comment
Question by:GCIT_Manager
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 24074307
0
 
LVL 3

Expert Comment

by:jcparedes
ID: 24074503
Do it like this:

1.      Open Active Directory Users and Computers. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2.      In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.
3.      Click Properties, and then click the Group Policy tab.
4.      Click Edit to open the Group Policy object (GPO) that you want to edit. You can also click New to create a new GPO, and then click Edit.
5.      In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.
6.      In the details pane, double-click Audit object access.
7.      If you are defining auditing policy settings for this event category for the first time, select the Define these policy settings check box.
8.      Select the Failure check box.


Keep in mind that your Security log would be huge, probably some GB's each day, depending on your network size and use, so save your security log first and then do the changes or you might lose a lot of info.
0
 

Author Comment

by:GCIT_Manager
ID: 24074513
Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question