Re: Audit folder access
From: Doug Sherman [MVP] (dsherman_at_nospam.tampabay.rr.com)
Date: 12/14/04
- Next message: Chuck Connell: "Re: Suppress re-prompt for pwd on Server2003 ?"
- Previous message: Mark Oliver: "Windows ServerT 2003 Web Edition"
- In reply to: Joel: "Audit folder access"
- Next in thread: Joel: "Re: Audit folder access"
- Reply: Joel: "Re: Audit folder access"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 14 Dec 2004 15:16:29 -0500
First you need to enable auditing on the machine. You can do this through
Local Security Policy or Group Policy. Administrative Tools/Local Security
Policy - expand Local Policies, click on Audit Policy, and in the right pane
double click on Audit object access - select Success and Failure.

Second, enable auditing on the desired folder. Open Windows Explorer, right
click on the folder and select Properties. Click the Security tab, click
the Advanced button, and click the Auditing tab. Click the Add button and
add the users/groups you want to audit. Results appear in Event
Viewer/Security on the local machine.
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Joel" <jwolfe(removethis)@digimarc.com> wrote in message
news:uClACuf4EHA.3388@TK2MSFTNGP15.phx.gbl...
> Files that are required for an application on our win2k3 domain controller
> have been mysteriously getting deleted from the hard drive. This has
> occurred a few times now and I have replaced these files. What is the
> procedure for setting up auditing on that specific directory so I can see
> who or what is accessing that directory?
>
> Thanks, Joel
>
>
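The two steps described in the reply above, scripted for current Windows Server versions where PowerShell and per-subcategory auditpol are available. This is an added example, not part of the original thread; the folder path and the audited principal are placeholders, and the audit entry is narrowed to delete rights because the question concerns deleted files.

```powershell
# Added example; run from an elevated PowerShell prompt.
# $Folder and $Principal are placeholders, not values from the thread.
$Folder    = 'D:\App\Data'
$Principal = 'Everyone'

# Step 1: scripted counterpart of "Audit object access: Success and Failure",
# limited to the File System subcategory to keep the Security log readable.
# On a domain controller, audit settings delivered by Group Policy take
# precedence, so make the same change in the GPO if one defines audit policy.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: add an audit entry (SACL) to the folder, inherited by subfolders and files.
$rights    = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Principal, $rights, $inherit, $propagate, $flags)

$acl = Get-Acl -Path $Folder -Audit      # -Audit is required to read the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Confirm the entry is present before waiting for the next deletion.
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited

# Read the results: event 4663 (an attempt was made to access an object)
# names the account, the process and the file for each audited access.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data['ObjectName'] -like "$Folder*") {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process    = $data['ProcessName']
                Object     = $data['ObjectName']
                AccessMask = $data['AccessMask']   # 0x10000 is DELETE
            }
        }
    }
```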