|
Posted by =?Utf-8?B?a2VpdGggYw==?= on March 5, 2007, 11:11 am
If you were Registered and logged in, you could reply and use other advanced thread options
Audit Object Access auditing is enabled (success&failure); I neglected
to list it in my email (good catch!)
"Roger Abell [MVP]" wrote:
> NTFS auditing is controlled by enabling audit of Object Access
> in the security policy, which you did not list as enabled.
>
>
> >I have Success/Failure turned on in the following Local Security Settings:
> > Audit Acct logon events
> > Audit Acct Management
> > Audit Directory Service Access
> > Audit Logon Events
> > Audit Policy Change
> >
> > I have a shared folder on the server that has the following permissions
> > set
> > on it:
> > Security (local NTFS): Everyone Full Control
> > Sharing permissons: TestUser1 - Read Only
> >
> > I have auditing set for "Everyone" of Type: Failure on the folder.
> >
> > When TestUser2 (who doesnt have access to the folder) double clicks on
> > the share, the "Access is Denied" message box is displayed. But I have no
> > 'failure' entry in the Security Event Log on the server.
> >
> > What am I doing wrong? Am I missing something?
> > What do I need to do to get the failed attempt captured in the
> > security event log?
> >
> > Any help would be appreciated.
> >
> > Thanks
> > K C
> > Security Analyst III
> > Self Regional Healthcare
> > Greenwood, SC USA
>
>
>
| 
XML site map