File auditing not working, need help
- From: "J Hoiby" <google@xxxxxxxxxxx>
- Date: 3 Apr 2006 12:36:40 -0700
We're having a problem with files "disappearing" from an SBS 2003-based
network share and I'm trying to set up an audit so we can find out
what's happening to them.
I've tried the following but I'm getting no audit entries in the
security log.
Setup Steps
-----------
Steps performed on the domain controller where the share is located,
unless otherwise noted:
1. Setup Auditing at file system folder:
- Added an entry for the "Everyone" group to monitor folder and file
successful/failed deletes.
- Propogated the audit entry to all children.
- Tested: Created and deleted a file (on the server, logged in as
admin).
2. Setup an audit GPO:
- Created new GPO called "Audit Policy"
- Edited and set Windows Settings > Security Set > Local Pol > Audit
Pol > Audit Object Access to Enabled (both success and fail)
- Linked GPO to domain
- Ran gpupdate on server
3. Tested:
- Ran GP model, verified "Audit Policy" is being applied.
- Test 1: Created and deleted a file (on the server, logged in as
admin), no entries were added in the DCs security log (the server where
the files are physically stored).
- Test 2: Created and deleted a file (on the suspects NT4
workstation, logged in as the suspect), no entries were added in the
DCs security log (the server where the files are physically stored).
In every test, there were no related entries added to the security log
on the DC where the files are stored/shared. There are the usual
numerous logon/logoff entries, but that's it.
Am I missing some steps?
Thanks in advance,
James
.
- Prev by Date: Re: MMC doesn`t run
- Next by Date: Re: Login script questions
- Previous by thread: Printing preferences not updating for users
- Next by thread: Re: Login script questions
- Index(es):
Relevant Pages
|
