Forum

Ultimate Windows Security Forum » IT Audit » Windows Server » Auditing Folder Permissions - In detail...

Auditing Folder Permissions - In detail...

Rate Topic

Display Mode

Topic Options

Author

Message

security.guy

Posted 7/8/2010 1:36:03 PM

Forum Newbie

Group: Forum Members
Last Login: 7/8/2010 1:30:11 PM
Posts: 1, Visits: 0

Hi,

I was wondering if anybody has any pointers on how to do "detailed" folder auditing. I am aware of enable object auditing policies and setting up Change Permission and Take Ownership on the actual folder. I am interested in determining "who" granted/revoked "what" to "whom" and "when".

So if an IT admin grants permission to a folder to a user, I'd like to be able to see the details of that activity in the event log (Windows 2003). I currently see events 560, but this only tells me a DAC was changed... how do I monitor the details of what was changed via the event log and my SIEM?

Thanks!

Post #413

RandyFranklinSmith

Posted 8/1/2010 7:43:30 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324, Visits: 0

That's as far as the native security log will take you. Beyond that you would need something like Quest's ChangeAuditor for Windows File Servers

Post #422

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 11:26am

Upcoming Webinars

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.