Jump to content

Auditing files and folders

Guest gscanga

By Guest gscanga
in Techno Babble

 Share

Recommended Posts

Guest gscanga

Guest gscanga

Posted
Posted

I've enabled auditing on our file server by enabling the "Audit Objects"

policy within the systems Local Policy settings - both Success and Failures.

I then went to the root of the folder and drilled into the Advanced Security

settings to add the 'Domain Users' group and only checked the options for

Successful 'Delete', 'Delete Subfolders and Files', and 'Change Permissions'.

 

However when I review the Security logs, I see 'Object Access' category

entries that specify 'Joe User' accessed this file with 'READ ATTRIBUTES'

permissions.

 

These, of course, are extraneous entries and aren't what I'm looking for.

Can anyone shed some light on why these entries are being logged when I

didn't select that level of auditing?

  • Replies 0
  • Created
  • Last Reply

Popular Days

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...