RE: Enabling Auditing for files and folders

YES!
Thank you, Brandy. Very cool. That did the trick. I appreciate your help.
Now, is there a short answer as to why I couldn't do that creating a new
GPO? Is it because the default Domain Controller's GPO is already handling
the auditing of objects?



""Brandy Nee [MSFT]"" wrote:

> Hello there,
>
> Thank you for posting to the SBS Newsgroup.
>
> I understand that you want to audit files and folders on SBS 2K3, and you
> have created "Local Computer Policy" in Group Policy Object Editor.
>
> Actually, if you want to audit the file access on the SBS server, you
> should enable the policies in the Default Domain Controller GPO or a GPO
> linked to the DC container.
>
> 1. Go to Start, Programs, Administrative Tools, Domain Controller Security
> Policy.
>
> 2. Now you are in the Default Domain Controller Security Setting.
>
> 3. Expand Security Settings\Local Policies\Audit Policy.
>
> 4. On the right panel, enable the "Audit object access" policy.
>
> 5. Run "gpupdate" in a command prompt.
>
> 6. Go to the files and folders that you want to audit, right click it and
> select Properties.
>
> 7. Go to Security tab, click Advanced, go to Auditing Tab.
>
> 8. Check the two boxes under Add and then click Add.
>
> 9. Enter the object name in the blank, and click OK.
>
> 10. Test whether it works now.
>
> For the detailed steps, please refer to the following KB articles for
> detailed information.
>
> How To Set, View, Change, or Remove Auditing for a File or Folder in
> Windows 2000
> http://support.microsoft.com/kb/301640/en-us
>
> HOW TO: Set Up and Manage Operation-Based Auditing for Windows Server 2003,
> Enterprise Edition
> http://support.microsoft.com/?id=325898
>
> Thanks for your time. I am looking forward to your reply.
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
.

Relevant Pages

  • Re: audit object access failure.
    ... If you're a member of a domain, make sure that domain policy isn't ... auditing for the user that you wish to audit on this object. ... > Audit account logon events ...
    (microsoft.public.win2000.security)
  • Re: HELP - File Auditing
    ... > We have performed all of the below on many servers with no results... ... Auditing must be enabled on ... > individual objects for audit events to be logged. ... >>audit policy setting take effect only when the policy ...
    (microsoft.public.win2000.security)
  • Re: HELP - File Auditing
    ... We have performed all of the below on many servers with no results... ... Enabling either success or failure event auditing does ... individual objects for audit events to be logged. ... >audit policy setting take effect only when the policy ...
    (microsoft.public.win2000.security)
  • Re: Print Auditing
    ... Setup auditing on the Print Queue itself. ... Only configure successful writes to the queue, ... > Event Type: Success Audit ... >>> administrator to turn on auditing using Group Policy Editor. ...
    (microsoft.public.windows.server.security)
  • Re: Question on Audit Policy
    ... domain controller policy level. ... access auditing where you have to enable auditing for file/folder, etc.], ... > security policy for Audit directory service access ...
    (microsoft.public.win2000.security)