  • Status: Solved
  • Priority: Medium
  • Security: Public

NTFS auditing

Hello,

I can only find this answer online for Server 2003; I need info for Server 2008 R2. When I turn on auditing for a file, what event ID do I look for in the security logs to see who made changes? It's funny how all of the articles out there show everything but this info.
Asked: entint
1 Solution
 
BelushiLomax Commented:
Event ID 4656, I believe.
 
Anuroopsundd Commented:
• New Event IDs for auditing CHANGES
  ◦ Modification of objects: event ID 5136
    ▪ Explicit SACL on object or inheriting SACL on parent container auditing <sec. princ.> for "Successes/Failures" of "<whatever action>" on "<whatever scope>"
  ◦ Creation of objects: event ID 5137
    ▪ Explicit/Inheriting SACL on parent container auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"
  ◦ Undelete/reanimation of objects: event ID 5138
    ▪ Explicit SACL on NC head auditing <sec. princ.> for "Successes/Failures" of "Reanimate Tombstone" on "This Object Only"
    ▪ Explicit/Inheriting SACL on target OU auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"
  ◦ Moving objects: event ID 5139
    ▪ Explicit/Inheriting SACL on source OU auditing <sec. princ.> for "Successes/Failures" of "Delete specific object-Class" or "Delete All Childs" on "This Object and All Descendant Objects"
    ▪ Explicit/Inheriting SACL on target OU auditing <sec. princ.> for "Successes/Failures" of "Create specific object-Class" or "Create All Childs" on "This Object and All Descendant Objects"


http://blogs.dirteam.com/blogs/jorge/archive/2008/04/29/auditing-in-windows-server-2008.aspx
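
The following is an added example, not part of either poster's answer: a PowerShell query that pulls the event IDs named in this thread from the Security log and lists who acted on which object. The folder path and time window are placeholder assumptions; run it elevated on the server where auditing is enabled.

```powershell
# Added example: list who touched audited objects, using the event IDs
# named in the thread (4656 and 5136-5139). Written to run on PowerShell 2.0.
$PathFilter = 'D:\Shares\Finance\*'   # assumption: placeholder for the audited folder
$Hours      = 24                      # assumption: how far back to search

$filter = @{
    LogName   = 'Security'
    Id        = 4656, 5136, 5137, 5138, 5139
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Named fields live in <EventData><Data Name="...">; index them by name.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }

    # 4656 carries the file path in ObjectName; the 513x events carry a
    # distinguished name instead, so take whichever field is present.
    $object = $data['ObjectName']
    if (-not $object) { $object = $data['ObjectDN'] }
    if (-not $object) { $object = $data['NewObjectDN'] }

    # Limit file-handle events to the folder of interest.
    if ($_.Id -eq 4656 -and $object -notlike $PathFilter) { return }

    New-Object PSObject -Property @{
        Time       = $_.TimeCreated
        EventId    = $_.Id
        Result     = ($_.KeywordsDisplayNames -join ',')   # Audit Success / Audit Failure
        User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object     = $object
        AccessMask = $data['AccessMask']                   # requested rights (4656 only)
        Process    = $data['ProcessName']                  # requesting process (4656 only)
    }
} | Select-Object Time, EventId, Result, User, Object, AccessMask, Process |
    Sort-Object Time | Format-Table -AutoSize
```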