Auditing Object Access

Discussion in 'Windows Server' started by JohnB, Aug 7, 2008.

  1. JohnB

    JohnB Guest

    This is kind of an unusual situation; approximately 50 users whose primary
    use of the network is to RDP into a server to use a company application. It
    is a Windows 2003 server that was set up as a DC. The clients are Vista and
    XP, all Home edition. So none of the computers are joined to the domain (I
    know, unusual).

    The server is backed up at night by Scheduler using xcopy in a batch file.
    Everything seems to work fine with the backup.

    But, almost every day, files and sub-folders turn up missing from one
    particular folder on the server. They are primarily Word and Excel files
    (all accessed locally using RDP).

    I redirect the output of the xcopy commands to a text file. Today when
    someone reported files missing from the folder, I looked at that backup log
    and could tell the number of sub-folders was down considerably from the day
    before.

    My guess is this could be one of two things; either the xcopy command is
    somehow *losing* files/folders or, someone is accidentally deleting or
    moving files during the day. I have never seen folders come up missing
    after an xcopy. So am leaning towards the problem being with a user
    moving/deleting them. I would like to use auditing to find out if a user is
    responsible.

    My question is: how do I use Auditing for Object Access if none of the
    computers are joined to the domain?
    If they aren't, I can't configure the GP.

    TIA
     
    JohnB, Aug 7, 2008
    #1

  2. Hello JohnB,

    If the users have a domain user account, which I assume, because they use
    RDP to connect to the server, then open the folder properties where the data
    is stored, go to Security Tab and enable auditing on the folder, choose the
    user accounts or better create a group, move all user accounts to the group
    and add the group for auditing. Now you can see in the event log what the
    users have done.

    BTW, using a DC for normal user logons as a Terminal server is a really bad
    decision from the point of security. A DC should always do its main work
    and not be accessed by normal users. For this kind of application server/terminal
    server use a member server.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Aug 7, 2008
    #2
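
A scripted equivalent of the folder auditing described in the answer above, plus a query for the resulting events; this is an added example, not code from the thread. It assumes PowerShell 2.0 or later on the server, that the "Audit object access" policy is enabled for success events on the server itself (an audit entry on the folder produces no events without it), and the English field labels of Windows Server 2003 events 560 and 564; the folder path and group name are hypothetical.

```powershell
# Hypothetical values for this example: replace with the real folder and group.
$Folder = 'D:\Data\Shared'
$Group  = 'CORP\AppUsers'

# 1. Add a success-audit entry to the folder's SACL for delete operations,
#    inherited by sub-folders and files. Run as an administrator.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$audit   = [System.Security.AccessControl.AuditFlags]::Success
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule($Group, $rights, $inherit, $prop, $audit)
$acl  = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 2. Later, read the last day of Security events. 560 = handle opened (has the
#    object name), 564 = object deleted (has only the handle ID).
$since  = (Get-Date).AddDays(-1)
$events = Get-EventLog -LogName Security | Where-Object {
    $_.TimeGenerated -ge $since -and ($_.EventID -eq 560 -or $_.EventID -eq 564)
}

# Handle IDs for which a deletion was logged. Handle IDs are reused over time,
# so treat a match as a strong hint and confirm against the event timestamps.
$deleted = @{}
foreach ($e in $events) {
    if ($e.EventID -eq 564 -and $e.Message -match 'Handle ID:\s+(\S+)') {
        $deleted[$Matches[1]] = $true
    }
}

# Report every handle opened with DELETE access under the audited folder.
# A move or rename also needs DELETE access but produces no 564 event.
foreach ($e in $events) {
    if ($e.EventID -ne 560 -or $e.Message -cnotmatch '\bDELETE\b') { continue }
    $name   = if ($e.Message -match 'Object Name:\s+(.+)') { $Matches[1].Trim() } else { '' }
    $handle = if ($e.Message -match 'Handle ID:\s+(\S+)') { $Matches[1] } else { '' }
    if (-not $name.StartsWith($Folder, [StringComparison]::OrdinalIgnoreCase)) { continue }
    $what = if ($deleted.ContainsKey($handle)) { 'deleted' } else { 'delete access (move/rename?)' }
    '{0:yyyy-MM-dd HH:mm:ss}  {1}  {2}  {3}' -f $e.TimeGenerated, $e.UserName, $what, $name
}
```

Auditing only delete-related rights keeps the Security log small enough that a day of activity from 50 users is not overwritten before it is read; check the log's maximum size and retention setting as well.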

  3. JohnB

    JohnB Guest

    Oh ok... I thought I had to also configure a GP.

    I agree, the way the network is set up isn't ideal. But I just started
    working here, and management here is resistant to change. Maybe some day.
    By the way; can Vista Home and XP Home computers join a domain?
     
    JohnB, Aug 7, 2008
    #3
  4. Hello JohnB,

    Vista versions that can join a domain:
    Vista Business
    Vista Business N
    Vista Enterprise
    Vista Ultimate

    XP versions that can join a domain:
    XP Professional

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Aug 7, 2008
    #4