1) From the command line, launch "C:\WINNT\system32\secpol.msc" (you can
also find this in the GUI)
2) Under "Local Policies\Audit Policy", double-click "Audit object access"
3) Click "Success" and/or "Failure" to turn auditing on for successful
and/or failed attempts you wish to audit
4) Close the above and then use Windows Explorer to find the folder or
specific file(s) you want to audit
5) Right-click this folder, select "Properties" and then click the
"Security" tab
6) Click the "Advanced" button
7) Click the "Auditing" tab
8) Click the "Add" button
9) Type in who you want to audit (user or group name) or "Everyone" if you
wish
10) Click OK
11) Click the check boxes for whatever you want to audit (e.g., both "Delete
Subfolders and Files" and "Delete"). You can audit "Successful" and/or
"Failed" attempts, as in step 3 above
12) Repeatedly click OK to exit all the way out
Whatever you selected for auditing is now active and will appear in the
"Security" event log (the process should likely be very similar in Win2003)
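
The same procedure scripted, as an added example that is not part of the original post. It assumes Windows Vista/Server 2008 or later with PowerShell 3+ and an elevated prompt; the function name and the folder C:\Data\Shared are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
function Enable-DeleteAuditing {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,   # folder or file to audit
        [string] $Identity = 'Everyone'                  # step 9: who to audit
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Path not found: $Path" }

    # Steps 1-3: enable "Audit object access" for Success and Failure.
    # "Object Access" is the English category name; it is localized elsewhere.
    & auditpol.exe /set /category:"Object Access" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

    # Steps 5-11: build the auditing entry. A folder entry is inherited by
    # subfolders and files; a single file takes no inheritance flags.
    $isDir   = Test-Path -LiteralPath $Path -PathType Container
    $inherit = if ($isDir) { 'ContainerInherit, ObjectInherit' } else { 'None' }
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
        [System.Security.AccessControl.InheritanceFlags]$inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')

    # -Audit loads the SACL (needs the "Manage auditing and security log" right).
    $acl = Get-Acl -LiteralPath $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the resulting auditing entries so the change can be verified.
    (Get-Acl -LiteralPath $Path -Audit).Audit
}

# Hypothetical folder; substitute the one you want to audit.
Enable-DeleteAuditing -Path 'C:\Data\Shared'

# Read matching entries back from the Security log. On Vista/2008 and later,
# 4663 is an access attempt on an object and 4660 is an object deletion.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4660, 4663 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Both halves are needed, as in the manual steps: the audit policy alone produces no file events without an auditing entry on the object, and the auditing entry is ignored while the policy is off.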