Audit file for failure

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I want to audit logon events and object access (specific files) for success
and failure in a Windows 2000 Domain. I am using Windows XP Pro (SP1) on the
machines and have 24 computers on an Ethernet. I want to know if and when
unauthorized persons are writing to these files. I have the audit policies in
place, rebooted, and then set up auditing on the folder with the files. I
then shared the folder and verified the shared folder and NTFS permissions.
The Security log shows plenty of “successes†but no “failures†when I try to
change the file over the network. It works with both “successes†and
“failures†when I log in as a user on the local machine and try to change the
file. What did I miss to make this work over the network?
 
mjnjr said:
I want to audit logon events and object access (specific files) for success
and failure in a Windows 2000 Domain. I am using Windows XP Pro (SP1) on
the
machines and have 24 computers on an Ethernet. I want to know if and when
unauthorized persons are writing to these files. I have the audit policies
in
place, rebooted, and then set up auditing on the folder with the files. I
then shared the folder and verified the shared folder and NTFS
permissions.
The Security log shows plenty of "successes" but no "failures" when I try
to
change the file over the network. It works with both "successes" and
"failures" when I log in as a user on the local machine and try to change
the
file. What did I miss to make this work over the network?
Click to expand...

The share-level permissions are sufficiently loose so that the attempt
will get through to the NTFS level failure ??
 
I have just "read" permission on the shared folder. Will that prevent
auditing on files within the folder?
 
I have "read" permission on the folder. Will that prevent auditing for
failure on files within the folder?
 
It will not prevent auditing, but it seems reasonable that it
will prevent the redirector from allowing access to the file
at the NTFS level, and there is not sufficient permission to
use the share that way.
 
Back
Top