XP Home Advanced Security Question *blegh*


Elijah

"Microsoft Knowledge Base Article - 310399

HOW TO: Audit User Access of Files, Folders, and Printers in Windows XP

The information in this article applies to:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition"

Further down the page...

"... computer to audit user access to files, folders and printers. This facility is unavailable on Windows XP Home Edition."

Why, Why, Whyyyyyy! *sobbing*

Happens all the time on KB Articles.

Can someone answer me this...

What is available for XP Home of the following items:
1. Connecting to a remote registry
2. Using Computer Administration to Access a remote computer
3. Audit Program and Registry Activity

Thanks for ANY help along these lines
 
Sorry but none of the above (or not to the degree you seem
to require).

You should bear in mind that (generalising a bit) Pro is
intended for the office network environment and therefore
includes those features and others to aid administration of
such a network. By contrast Home is intended as an as-is
operating system for stand-alone usage, and as such has
had those "unnecessary" features stripped deliberately for
the sake of simplicity... amongst other reasons of
course ;-)

If security and remote admin are what you really need,
then you should consider Pro I'm afraid.

jc
 
that's "microsoft logic" for ya buddy! :-(

however this feature is very much available in windows xp
home edition ;-)

say you wanted to restrict access to a folder and audit
failed attempts at accessing it by all unauthorized users.

first: enable auditing of object access. start -> run ->
regedit -> navto: hkey_local_machine\security\ ->
right-click this key -> permissions -> select administrators
(%machinename\administrators) and check full control: allow
-> click advanced -> check replace permissions entries on
all child objects with entries shown here that apply to
child objects -> ok/yes/ok/ok -> now navto:
hkey_local_machine\security\policy\poladtev\(default) ->
double-click on the default value with. you should see
something like this: (note that i have switched off most
auditing, you will see some 03's)

0000  01 00 07 00 | XX 00 00 00  ........  -> some audit settings (mostly ignore) | system events
0008  XX 00 00 00 | XX 00 00 00  ........  -> logon events | object access
0010  XX 00 00 00 | XX 00 00 00  ........  -> privilege use | process tracking
0018  XX 00 00 00 | XX 00 00 00  ........  -> policy change | account management
0020  XX 00 00 00 | XX 00 00 00  ........  -> directory service access | account logon
0028  09 00 00 00 |              ....      -> the number of audits (mostly ignore)

where XX hold the setting as follows:

if success = no & failure = no -> setting = 00
if success = yes & failure = no -> setting = 01
if success = no & failure = yes -> setting = 02
if success = yes & failure = yes -> setting = 03

either select the byte fourth from the left, 2 from the top
and type its replacement setting or place cursor next to
the byte and use delete or backspace and type its replacement.

thus line 2:
0008  XX 00 00 00 | 02 00 00 00  ........  -> logon events | object access

second: setup auditing on the folder. to do this reboot
into safe mode (microsoft logic) right-click the folder ->
properties -> security -> advanced -> uncheck inherit from
parent the permissions entries that apply to child objects.
Include these with entries explicitly defined here. ->
remove -> add -> advanced -> find now -> separately select
the users from the list that you want to allow access to
the folder -> ok/ok -> check the allow full control box,
all the boxes should check, if you want to setup specific
permissions for certain users only select the boxes as
needed -> ok -> check replace permissions entries on all
child objects with entries shown here that apply to child
objects -> switch to the auditing tab -> uncheck inherit
from parent the auditing entries that apply to child
objects. Include these with entries explicitly defined here
-> check replace auditing entries on all child objects with
entries shown here that apply to child objects -> click add
-> advanced -> find now -> select the "everyone" group from
the list -> ok/ok -> check the failed full control box, all
the boxes should check, if you want to setup specific
permissions for certain users only select the boxes as
needed -> ok/ok/yes/ok.

third: check; reboot into normal mode and login as a user
that is not allowed and try accessing the folder - the
error %folder% is not accessible. access is denied should
appear. now for the bad news, check the eventlog -> start
-> run -> eventvwr.msc -> select security -> there should
be some failed audit entries with the category object
access and the user in question -> double-click an event to
see more details like the folder they were trying to
access. the bad news is there will be about 80 entries for
one attempted access when 1 would be good enough - like i
said "microsoft logic"

as a result of the massive logs produced, be very selective
on the auditing that you do setup

in regards to registry audit, right-click the registry key
-> permissions -> advanced -> auditing.
in regards to computer administration on remote, do start
-> run -> mmc -> add/remove snapin -> add -> select
required snap-in such as computer management -> add ->
select another computer -> either type \\%machinename% or
browse -> finish.

see how you get on with this and if you have any further
questions on this, feel free to email them direct, if you
want, as this newsgroup "moves" fairly quickly and only
check by every couple of days.

peter
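
Added example, not code from the thread: a small decoder for the PolAdtEv value laid out in peter's post, useful for confirming offline which audit categories a machine actually has switched on. The offsets, category order and 00-03 settings come from his post; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Layout as given in the post: a 4-byte header, nine little-endian DWORD
# settings starting at offset 0x04, then the category count at 0x28.
CATEGORIES = [
    "system events", "logon events", "object access", "privilege use",
    "process tracking", "policy change", "account management",
    "directory service access", "account logon",
]
FIRST_SETTING, COUNT_OFFSET = 0x04, 0x28
SUCCESS, FAILURE = 0x01, 0x02  # 00 none, 01 success, 02 failure, 03 both


def decode_poladtev(blob):
    """Return {category: (audit_success, audit_failure)} for a PolAdtEv value."""
    if len(blob) < COUNT_OFFSET + 4:
        raise ValueError("value is shorter than the 0x2C bytes in the post")
    (count,) = struct.unpack_from("<I", blob, COUNT_OFFSET)
    if count != len(CATEGORIES):
        raise ValueError(f"expected 9 categories, value declares {count}")
    policy = {}
    for i, name in enumerate(CATEGORIES):
        (raw,) = struct.unpack_from("<I", blob, FIRST_SETTING + 4 * i)
        if raw > (SUCCESS | FAILURE):
            raise ValueError(f"{name}: setting {raw:#04x} is outside 00-03")
        policy[name] = (bool(raw & SUCCESS), bool(raw & FAILURE))
    return policy


def missing_audits(policy, required):
    """List categories whose decoded setting lacks a required flag pair."""
    return [name for name, (want_ok, want_fail) in required.items()
            if (want_ok and not policy[name][0])
            or (want_fail and not policy[name][1])]


# Constructed sample: everything off except failure auditing of object access,
# i.e. the "02" edit at offset 0x0C that the post walks through.
SAMPLE = bytes.fromhex(
    "01000700" "00000000" "00000000" "02000000" "00000000" "00000000"
    "00000000" "00000000" "00000000" "00000000" "09000000")

if __name__ == "__main__":
    for category, (ok, fail) in decode_poladtev(SAMPLE).items():
        print(f"{category:26} success={ok!s:5} failure={fail}")
```

Comparing the decoded result against a required baseline with `missing_audits` shows at a glance whether failure auditing of object access survived a policy change.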


 