Solved

NTFS auditing

Posted on 2012-04-06
Last Modified: 2012-06-27
Hello,

   I can only find this answer online for Server 2003; I need info for Server 2008 R2. When I turn on auditing for a file, what event ID do I look for in the security logs to see who made changes? It's funny how all of the articles out there show everything but this info.
Question by:entint
2 Comments
 

Accepted Solution

by:
BelushiLomax earned 300 total points
ID: 37816007
Event ID 4656, I believe.

Expert Comment

by:Anuroopsundd
ID: 37816129
• New Event IDs for auditing CHANGES
  ◦ Modification of objects: event ID 5136
    ▪ Explicit SACL on object or inheriting SACL on parent container auditing <sec. princ.> for "Successes/Failures" of "<whatever action>" on "<whatever scope>"
  ◦ Creation of objects: event ID 5137
    ▪ Explicit/Inheriting SACL on parent container auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"
  ◦ Undelete/reanimation of objects: event ID 5138
    ▪ Explicit SACL on NC head auditing <sec. princ.> for "Successes/Failures" of "Reanimate Tombstone" on "This Object Only"
    ▪ Explicit/Inheriting SACL on target OU auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"
  ◦ Moving objects: event ID 5139
    ▪ Explicit/Inheriting SACL on source OU auditing <sec. princ.> for "Successes/Failures" of "Delete specific object-Class" or "Delete All Childs" on "This Object and All Descendant Objects"
    ▪ Explicit/Inheriting SACL on target OU auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"


http://blogs.dirteam.com/blogs/jorge/archive/2008/04/29/auditing-in-windows-server-2008.aspx
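
Added example, not part of either post above: a PowerShell function that pulls the account, object path and requested access out of a Security-log event such as the 4656 named in the accepted answer. The sample event XML, user, domain and file path are constructed, and the EventData field names (SubjectUserName, ObjectName, AccessMask, ProcessName) are assumed to match what event 4656 carries on your system.

```powershell
# Added example. The event XML, user, domain and file path below are constructed.
function ConvertFrom-AuditEventXml {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.InnerText }
        New-Object PSObject -Property @{
            TimeCreated = $evt.System.TimeCreated.SystemTime
            EventId     = $evt.System.EventID
            User        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object      = $data['ObjectName']
            AccessMask  = $data['AccessMask']   # requested rights as a hex bitmask
            Process     = $data['ProcessName']
        } | Select-Object TimeCreated, EventId, User, Object, AccessMask, Process
    }
}

# Constructed sample in the shape Get-WinEvent's ToXml() returns (trimmed to used fields).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4656</EventID>
    <TimeCreated SystemTime="2012-04-06T14:03:11.000000000Z"/>
  </System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectName">D:\Shares\Finance\budget.xlsx</Data>
    <Data Name="AccessMask">0x2</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-AuditEventXml

# Against the live log (elevated prompt), filtered to one audited file:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-AuditEventXml |
#     Where-Object { $_.Object -eq 'D:\Shares\Finance\budget.xlsx' }
```

The function sticks to PowerShell 2.0 syntax so it runs on a stock Server 2008 R2 install.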