Auditing Folder Ownership Changes on Windows Server 2008
Posted on 2012-08-20
How can I find the cause of a folder's Ownership changing from a particular user, say "Joe", to the Administrators Group. The folder, called Test, is on a Windows Server 2008 r2 server and the path looks like the following:
Note: Inheritable permissions is unchecked on Test, so only explicit permissions apply on this folder.
When auditing, will default logging be able to find the cause or do I have to turn on special logging to enable this kind of auditing?