auditing of shares

  • Thread starter: Ondrej Sevecek
[Sorry about the accidental send on the previous message]
how to set up auditing on file share access?

I have never found a way to do this -- if you figure out a way please
post it.

Since "shares" are "objects" then in theory you could set an Auditing-type
ACL (SACL) just as you can set a Permission-type ACL (DACL.)

Perhaps with a custom program it would not be that hard but I have never
seen such a program -- there isn't one included with the product or the
ResKit/Support Tools etc.
 
Shares are not executive objects. The redirector uses some other object instead
to represent the share (perhaps FileObject). See winobj.exe: there is no
object type called share. The redirector is also not an executive component, and
the ObCreateObject() API is not exported from the kernel to enable the redirector or
some others to create their own objects.
So a traditional SACL cannot be placed. I hope the redirector has its own method
hidden somewhere.

Ondra.

Herb Martin said:
[Sorry about the accidental send on the previous message]
how to set up auditing on file share access?

I have never found a way to do this -- if you figure out a way please
post it.

Since "shares" are "objects" then in theory you could set an Auditing-type
ACL (SACL) just as you can set a Permission-type ACL (DACL.)

Perhaps with a custom program it would not be that hard but I have never
seen such a program -- there isn't one included with the product or the
ResKit/Support Tools etc.
 
I suppose LanMan uses either a file object for each share and lets the
system check the permissions, or some other object (e.g. a registry key).
I am actually not sure how it works, but as you can see in the free
WinObj software (in ObjectTypes) from sysinternals.com, there is no such
object as "share".
Moreover, LanMan is only an ordinary server among many other network
servers on the Windows platform (even though the most necessary), but must work
under common restrictions. And the restriction here is that no other
component than the kernel (NTOSKRNL.EXE) should (and could) create objects.
Active Directory cannot use an OS object either. Security checking is done
some other way. I suppose :-)

Ondra.
 
Not convinced now due to your lack of certainty.

Why couldn't the Server service create an object for the
purpose of assigning and using the permissions?

My guess would be that way unless you are correct in your
first assumptions.

Ondřej Ševeček said:
I suppose LanMan uses either a file object for each share and lets the
system check the permissions, or some other object (e.g. a registry key).
I am actually not sure how it works, but as you can see in the free
WinObj software (in ObjectTypes) from sysinternals.com, there is no such
object as "share".
Moreover, LanMan is only an ordinary server among many other network
servers on the Windows platform (even though the most necessary), but must work
under common restrictions. And the restriction here is that no other
component than the kernel (NTOSKRNL.EXE) should (and could) create objects.
Active Directory cannot use an OS object either. Security checking is done
some other way. I suppose :-)

Ondra.
 