how should I monitor file pemission changes on Windows 2003 servers?
how should I monitor file pemission changes on Windows 2003 servers?
Wich tool/software are reliable?
Wich tool/software are reliable?
ASKER
Thanks snoopfrogg but my question was not clear enough.
The point is how to parse/sort hunderds of thoussands events in a large environment? (+2000 Windows Servers). Audit department is complaining because there are too many system administrators and if someone change permission on a file or delete a file (boot.ini) nobody is able to figure out who did it.
The point is how to parse/sort hunderds of thoussands events in a large environment? (+2000 Windows Servers). Audit department is complaining because there are too many system administrators and if someone change permission on a file or delete a file (boot.ini) nobody is able to figure out who did it.
Systems Center Operations Manager has an audit collation feature called Audit Collection Services: http://www.microsoft.com/systemcenter/operationsmanager/en/us/default.aspx.
GFI Events Manager is an audit collation package that lets you view audit logs from a central location: http://www.gfi.com/eventsmanager.
Whichever route you go, you'll need to plan for a management server, backend server, and plan for plenty of storage (depending on the size of your environment, of course).
GFI Events Manager is an audit collation package that lets you view audit logs from a central location: http://www.gfi.com/eventsmanager.
Whichever route you go, you'll need to plan for a management server, backend server, and plan for plenty of storage (depending on the size of your environment, of course).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://technet.microsoft.com/en-us/library/cc781549(WS.10).aspx
Then, you'll need to enable auditing in the security settings for the file(s) and/or folder(s) you want to audit.