Sharing Folder and Files

[suzie]

I share one folder with my staffs and give some of
them 'Full Access' rights. The problem is, one of the
files missing or has been deleted.

How can I trace people who access the files (transaction
history)? By using Computer Management in Administrative
Tools I can only view log for current time not yesterday
of last week. Is there any way to monitor this things?

TQ

 

[Ashok Nair [MSFT]]

Hi Suzie,

First, you need to enable Local Security Auditing and then auditing on your
folders.
The audited entries can be viewed under Event Viewer --> Security. The
category will be object access.

Administrators of local computers can use the following method to set up
local auditing of security access rights on individual Windows 2000-based
computers.

--> Enabling Local Security Auditing

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings
snap-in in Microsoft Management Console (MMC).
5. Double-click Local Policies to expand it, and then double-click Audit
Policy.
6. In the right pane, double-click the policy you want to enable or disable.
7. Click the Success and/or Fail check box(es) as appropriate.

NOTE: If you are participating in a domain, and a domain-level policy is
defined, domain-level settings override the local policy settings.

--> Enable auditing on your folders.

To audit files and folders, you must be logged on as a member of the
Administrators group. You can set file and folder auditing only on drives
that are formatted to use NTFS. Because the security log is limited in
size, carefully select the files and folders to be audited. Also consider
the amount of disk space you are willing to devote to the security log. The
maximum size is defined in Event Viewer.

1. Locate the file or folder you want to audit.
2. Right-click the file or folder, click Properties, and then click the
Security tab.
3. Click Advanced, and then click the Auditing tab.
4. To set up auditing for a new group or user, click Add. Type the name of
the user you in the Name box, and then click OK.
5. Under Access, click Successful, Failed, or both for each access you want
to audit.
6. If you want to prevent files and subfolders within the tree from
inheriting these audit entries, click to select the Apply these auditing

entries check box.

NOTE: If the check boxes under Access are unavailable in the Auditing Entry
dialog box, or if the Remove button is unavailable in the Access Control
Settings dialog box, auditing has been inherited from the parent folder.

You can visit the following articles for more information:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;248260

http://support.microsoft.com/default.aspx?scid=kb;en-us;310399

HTH

Ashok
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi Ashok,

I have enabled the local security auditing and auditing on
my folders. How am I going to audit/view the reports of my
files and folders?

TQ

-----Original Message-----
Hi Suzie,

First, you need to enable Local Security Auditing and then auditing on your
folders.
The audited entries can be viewed under Event Viewer --> Security. The
category will be object access.

Administrators of local computers can use the following method to set up
local auditing of security access rights on individual Windows 2000-based
computers.

--> Enabling Local Security Auditing

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings
snap-in in Microsoft Management Console (MMC).
5. Double-click Local Policies to expand it, and then double-click Audit
Policy.
6. In the right pane, double-click the policy you want to enable or disable.
7. Click the Success and/or Fail check box(es) as appropriate.

NOTE: If you are participating in a domain, and a domain- level policy is
defined, domain-level settings override the local policy settings.

--> Enable auditing on your folders.

To audit files and folders, you must be logged on as a member of the
Administrators group. You can set file and folder auditing only on drives
that are formatted to use NTFS. Because the security log is limited in
size, carefully select the files and folders to be audited. Also consider
the amount of disk space you are willing to devote to the security log. The
maximum size is defined in Event Viewer.

1. Locate the file or folder you want to audit.
2. Right-click the file or folder, click Properties, and then click the
Security tab.
3. Click Advanced, and then click the Auditing tab.
4. To set up auditing for a new group or user, click Add. Type the name of
the user you in the Name box, and then click OK.
5. Under Access, click Successful, Failed, or both for each access you want
to audit.
6. If you want to prevent files and subfolders within the tree from
inheriting these audit entries, click to select the Apply these auditing

entries check box.

NOTE: If the check boxes under Access are unavailable in the Auditing Entry
dialog box, or if the Remove button is unavailable in the Access Control
Settings dialog box, auditing has been inherited from the parent folder.

You can visit the following articles for more information:

http://support.microsoft.com/default.aspx?scid=kb;EN- US;248260
us;310399

HTH

Ashok
This posting is provided "AS IS" with no warranties, and

confers no rights.

 

[Ashok Nair [MSFT]]

Hi,

The audited entries can be viewed under Event Viewer --> Security. You will
need to look for the category "object access".

You can also apply a filter to make the search easier. Right-click
Security, go to view and select filter.

Hope this helps.

Ashok
This posting is provided "AS IS" with no warranties, and confers no rights.