Re: Making Object Access Auditing Work

---

• From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
• Date: Fri, 4 Nov 2005 15:09:00 -0600

---

Verify in Local Security Policy [secpol.msc] that it does show that auditing
of object access is enabled for success and failure. For Windows 2000 look
at the effective setting. Are any object access events being recorded at
all?? --- Steve



"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:430A856C-7781-4157-B875-D7AB8EB3479D@xxxxxxxxxxxxxxxx
> The server that I want to audit is a Domain Controller. It also serves as
> a
> file/print server. The files and folders that I want to audit are on a
> share
> which resides on the SAN. The log file is set to overwrite events.
>
> Anymore ideas ?
>
> "Steven L Umbach" wrote:
>
>> If you enable it in Domain Controller Security Policy, file auditing will
>> work only on domain controllers. Also check to see if the security log is
>> full. You may want to clear it and be sure to increase the size of it
>> substantially. --- Steve
>>
>>
>> "Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:8B443B1C-4C57-4359-97FD-CD76817308EF@xxxxxxxxxxxxxxxx
>> >I have enabled "Audit Object Access" in the default domain controllers
>> > policy, its been enabled for a few days now. However, when I set a file
>> > up
>> > for auditng for success or failure of multiple attributes such as
>> > delete
>> > etc,
>> > the changes never show up in the Event Viewer Security log, so I
>> > suppose
>> > its
>> > not working or I have something configured incorrectly. Note that
>> > "Audit
>> > Account Management" is also enable in this policy and is writing to the
>> > security log with no issues.
>> >
>> > Any help would be greatly apprecitated.
>> >
>> >
>> > Thanks
>>
>>
>>


.

---

• References:
  • Re: Making Object Access Auditing Work
    • From: Steven L Umbach

• Prev by Date: Re: XP Client in 2k3 domain
• Next by Date: Re: Making Object Access Auditing Work
• Previous by thread: Re: Making Object Access Auditing Work
• Next by thread: Re: Making Object Access Auditing Work
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: DMZ NT4 TO Internal 2000 AD One-Way Trust via Firewall ... leverage an effectivity security policy to ensure that password complexities ... > currently a mess of local and domain users, no security policy, etc. ... DMZ, not publicly accessible) that aren't going away within the stated ... to non-DC web servers in the DMZ on 80 and 443 - none of which are directed ... (microsoft.public.windows.server.active_directory) RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts? ... > Checkpoint propaganda stuff. ... > spent most of my security consulting career trying to stomp out bloated ... >>All NetScreen appliances rely on custom-designed ASICs (Application ... >>Specific Integrated Circuits) for security policy enforcement. ... (Firewall-Wizards) Re: Okay.. what is going on here .. Security error? ... CAS assigns trust not based upon user credentials, ... against the security policy, and a permission grant is generated. ... you'll need to modify your security ... (microsoft.public.dotnet.security) RE: Security Policy-Please help ... your Masters in Systems & Network Security, ... Before you begin writing policies, you deffinetly want to make sure you've ... SANS Security Policy Project at http://www.sans.org/resources/policies/. ... L0phtcrack is one of the better tools for testing password ... (Security-Basics) Re: Solution to mIRC and Secedit Virus Networking Problems ... have determined that it was a Trojan, ... restored the security policy by running "secedit.exe ... passwords), and firewall, and possibly a backdoor. ... (microsoft.public.win2000.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2005-11