Re: Monitor file system changes





"Dean" <Dean@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:8FA4AC08-1C8F-4F7B-9534-47A19EA2DEFC@xxxxxxxxxxxxxxxx
Hello,

I'm not 100% sure this is the correct discussion group but I thought I would
try here first. I am trying to find out if there is a way to be alerted by
some installable Microsoft tool when a user makes a change to critical files
on a file server or a domain admin modifies logon scripts. I know these are
kind of 2 different questions; I just wanted to start here.

TIA,
Dean


Well, yes and no as far as which newsgroup. But you're ok here. Auditing is your answer for both parts. There is AD auditing, and then there's file system and other resource auditing. Auditing events will show up in the Event logs.

The following are my notes on Auditing.

==================================================================
Auditing

AccessEnum for folders:
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

ShareEnum for shares:
http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx

An appropriate need for eventcombnt as opposed to searching through 11 DCs
every time.
http://technet.microsoft.com/en-us/security/cc297183.aspx

Logon Type Codes Revealed (EventIDs)
http://www.windowsecurity.com/articles/Logon-Types.html

Audit logon events: Security Configuration Editor; Security Services Jan 21, 2005
If both account logon and logon audit policy categories are enabled, logons that use a domain account generate a logon or logoff event on ...
http://technet.microsoft.com/en-us/library/cc787567.aspx

Audit logon events
If you are auditing successful Audit account logon events on a domain controller, then workstation logons do not generate logon audits. ...
http://technet.microsoft.com/en-us/library/cc976395.aspx

Audit account logon events
http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx

How to Enable Success Logon Event Logging Dec 1, 2008
To enable success logon event logging using a local security policy ...
In the results pane, double-click Audit logon events and ensure that ...
http://technet.microsoft.com/en-us/library/cc431373.aspx

Auditing Security Events Best practices: Auditing Jan 21, 2005
For information about how to enable auditing in the logon event category, see Define or modify auditing policy settings for an event ...
http://technet.microsoft.com/en-us/library/cc778162.aspx

---

Which DC joined my machine to the domain?

Check the netsetup.log in %SystemRoot%\debug folder.
Also enable Auditing for Account management on the Default domain controllers GPO.
==================================================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
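
An added example, not part of the original posts: one way to apply the file system auditing suggested in the reply above and then read the resulting events back from the Security log. It assumes Windows Server 2008 or later, an elevated PowerShell session, and a hypothetical folder path; event ID 4663 is the object-access event on those versions.

```powershell
# Hypothetical path (assumption): the folder holding the critical files or logon scripts.
$Path = 'D:\Shares\Critical'

# 1. Enable success auditing for the File System subcategory on this server.
#    Without this policy, the audit entries set in step 2 produce no events.
auditpol /set /subcategory:"File System" /success:enable

# 2. Add an audit (SACL) entry: record successful writes, deletes and
#    permission/ownership changes by anyone, inherited by subfolders and files.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights, 'ContainerInherit, ObjectInherit', 'None', 'Success')
$acl = Get-Acl -Path $Path -Audit      # -Audit loads the SACL along with the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Report object-access events (4663) from the last 24 hours that touch $Path.
#    Get-WinEvent raises an error when nothing matches, so that case is silenced.
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-24) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten the named EventData fields into a hashtable.
    $data = @{}
    foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    if ($data.ObjectName -like "$Path*") {
        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            Object     = $data.ObjectName
            Process    = $data.ProcessName
            AccessMask = $data.AccessMask   # hex bitmask of the access that was used
        }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Step 3 can be run on a schedule and its output mailed or forwarded to get the alerting asked about in the question; auditing by itself only writes to the event log.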
