file security

Discussion in 'Server Security' started by Scott Elgram, Jun 25, 2004.

  1. Scott Elgram

    Scott Elgram Guest

    Is there a way to find out which user last modified any particular file
    over a network?
    Scott Elgram, Jun 25, 2004
    1. Advertisements

  2. Once way is to enable auditing to track access to files. Then check the
    security log after this enabled.
    Andrew Sword [MVP], Jun 26, 2004
    1. Advertisements

  3. Scott Elgram

    Scott Elgram Guest

    I'm not entirely sure but I believe auditing is enabled. How can I
    check / enable it?
    I looked through the security log files on the server but they did not tell
    me much of anything.


    Scott Elgram, Jun 28, 2004
  4. Scott Elgram

    Roger Abell Guest

    Hi Scott

    For NTFS objects there are two steps to enable auditing

    In general you need to set auditing for success and/or failure
    as needed in the Audit Policy section of a GPO that has the
    machines with the storage in scope of the GPO, or in the
    local security policy if there is no overwriting GPO.
    Here you would set on auditing of object access.

    Then, in specific, you need to set auditing in the security
    of the NTFS object(s) that should generate audit records.
    This is in the Auditing tab within the advanced view in
    the security dialog of the properties of the object, and this
    can be set to inherit onto contained objects.

    Roger Abell
    Microsoft MVP (Windows Server System: Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    Roger Abell, Jun 30, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.