RE: Folder Permissions Audit Utility

Hi David,

Thanks for posting in our newsgroup.

Besides Pedro's suggestion, you can enabled Change Permission auditing, if
anyone changes the permission to this folder, Events 560 and 562 will be
shown in the Event Viewer (Security Logs).

To see these events, first you need to take the following steps to
configure auditing:

1. Click Start, click Run, type "gpmc.msc" and click OK.
2. Expand Domains -> your domain -> Domain Controllers.
3. Right-click Small Business Server Auditing Policy and click Edit.
4. Expand Computer Configuration -> Windows Settings -> Security Settings
-> Local Policies -> Audit Policy.
5. In the right pane, double-click "Audit object access".
6. To audit successful access of specified files, folders, select the
Success check box.
7. To enable auditing of both, select both check boxes.
9. Click OK.
10. Run "gpupdate /force" or restart the computer so that the policy takes
effect on SBS.

After you enable auditing, you need to specify the files, folders that you
want audited. To do so:

1. In Windows Explorer, locate the file or folder you want to audit.
2. Right-click the file, folder that you want to audit, and then click
Properties.
3. Click the Security tab, and then click Advanced.
4. Click the Auditing tab, and then click Add.
5. In the "Enter the object name to select" box, type the name of the user
or group whose access you want to audit.
6. Click OK.
7. Select the Successful or Failed check boxes for Change Permission action
you want to audit, and then click OK.
8. Click OK, and then click OK.

More information:

174073 Auditing User Authentication
http://support.microsoft.com/?id=174073

Hope this helps.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: Folder Permissions Audit Utility
<thread-index: AchNiFn+ZzSp3ISGS7SwqUmIkH4XQw==
<X-WBNR-Posting-Host: 207.46.19.168
<From: =?Utf-8?B?RGF2ZSBIb3Ju?= <DaveHorn@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: Folder Permissions Audit Utility
<Date: Wed, 2 Jan 2008 13:42:20 -0800
<Lines: 12
<Message-ID: <6FAD2229-D0CB-4910-86E5-266F66472C40@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:84387
<NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<We run a Small Business Server 2003 but this question is more general and
not
<so much specific to SBS 2003.
<
<I'm looking for any utility that will allow me to successfully audit file
<folders on our server. As a general rule, I lock folders with group
<memberships but this isn't always possible and there are a number of
folders
<on our server that have both group and individual permissions assigned to
the
<folder.
<
<I'd love to know if there's anything out there that will allow me to
<generate a report of each folder on the server and the effective
permissions
<on that folder (not just file shares but subfolders of shares as well).
<

.

Relevant Pages

  • Re: Autoexec.nt file missing?
    ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... >> example, a file, folder, registry key, printer, and so forth-that has its ...
    (microsoft.public.windowsxp.newusers)
  • Re: Autoexec.nt file missing?
    ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... example, a file, folder, registry key, printer, and so forth-that has its ...
    (microsoft.public.windowsxp.newusers)
  • Re: Autoexec.nt file missing?
    ... you can't enable Auditing on a computer running Home Edition. ... You must specify what to audit. ... > example, a file, folder, registry key, printer, and so forth-that has its ...
    (microsoft.public.windowsxp.newusers)
  • RE: Monitor File Access, Change or Delete
    ... folder with auditing for Windows Server 2003. ... Locate the file or folder that you want to audit. ... and then click the Auditing tab. ...
    (microsoft.public.windows.server.sbs)
  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
    (microsoft.public.inetserver.iis.security)