Enable file auditing on many servers

Subject Author Date
Enable file auditing on many servers Tina Shields 12-22-2006
Posted by Tina Shields on December 22, 2006, 2:21 pm
I have 1,000 servers on which I want to enable file access auditing. I tried
to use a GPO; however, this method replaced the permissions on the files. I
want to just add auditing to the SACL.

Am I missing something in the GPO? Can I use a registry key to turn this on?

Any advice would be greatly appreciated.

Tina

Posted by Roger Abell [MVP] on December 22, 2006, 3:46 pm

Tina,

Use the Security Template snapin to define the desired auditing.
As you discovered, attempts to set filesystem NTFS audit will
automatically define a DACL as well as the SACL you are after.
After you have saved the template, just go in with a text editor
and delete the DACL part, leaving only the SACL part in the SDDL
generated. The template may then be imported into a GPO for broad
application. You may want to look up the syntax of SDDL on the
msdn.microsoft.com site to guide you. (Note, it is best to not
apply NTFS settings in a GPO that carries other settings, since
when these are changed, reapplication will be triggered, potentially
causing repeated, needless, filesystem passes over large storage).

Roger
> I have 1,000 servers on which I want to enable file access auditing. I tried
> to use a GPO; however, this method replaced the permissions on the files. I
> want to just add auditing to the SACL.
>
> Am I missing something in the GPO? Can I use a registry key to turn this on?
>
> Any advice would be greatly appreciated.
>
> Tina



Posted by B-Man on December 22, 2006, 5:30 pm
1000 servers eh? (I'm Canadian)

That seems an awfully large amount, and with a network size that big you
likely have IT professionals to help you with that. Talk to them first and
then ask us for a second opinion. Your network may have a few policies that
might make our advice useless or problem-causing, in addition to you getting
into trouble.

TALK TO THE PROS FIRST !!!
Brian M

> I have 1,000 servers on which I want to enable file access auditing. I tried
> to use a GPO; however, this method replaced the permissions on the files. I
> want to just add auditing to the SACL.
>
> Am I missing something in the GPO? Can I use a registry key to turn this on?
>
> Any advice would be greatly appreciated.
>
> Tina



Posted by Tina Shields on January 2, 2007, 9:29 am
Roger,

Thanks for the info. I'll test this in my lab.

Best regards,

Tina

"Roger Abell [MVP]" wrote:

>
> Tina,
>
> Use the Security Template snapin to define the desired auditing.
> As you discovered, attempts to set filesystem NTFS audit will
> automatically define a DACL as well as the SACL you are after.
> After you have saved the template, just go in with a text editor
> and delete the DACL part, leaving only the SACL part in the SDDL
> generated. The template may then be imported into a GPO for broad
> application. You may want to look up the syntax of SDDL on the
> msdn.microsoft.com site to guide you. (Note, it is best to not
> apply NTFS settings in a GPO that carries other settings, since
> when these are changed, reapplication will be triggered, potentially
> causing repeated, needless, filesystem passes over large storage).
>
> Roger


Posted by Roger Abell [MVP] on January 3, 2007, 3:41 am
I happened to have just been at the SDDL doc, so here is the link:
http://msdn2.microsoft.com/en-us/library/aa379567.aspx
You would just remove the D:xx(yyy) part
Roger

> Roger,
>
> Thanks for the info. I'll test this in my lab.
>
> Best regards,
>
> Tina
>
> "Roger Abell [MVP]" wrote:
>
>>
>> Tina,
>>
>> Use the Security Template snapin to define the desired auditing.
>> As you discovered, attempts to set filesystem NTFS audit will
>> automatically define a DACL as well as the SACL you are after.
>> After you have saved the template, just go in with a text editor
>> and delete the DACL part, leaving only the SACL part in the SDDL
>> generated. The template may then be imported into a GPO for broad
>> application. You may want to look up the syntax of SDDL on the
>> msdn.microsoft.com site to guide you. (Note, it is best to not
>> apply NTFS settings in a GPO that carries other settings, since
>> when these are changed, reapplication will be triggered, potentially
>> causing repeated, needless, filesystem passes over large storage).
>>
>> Roger
>
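
The manual edit described in this thread (removing the `D:xx(yyy)` part from each file entry of a saved security template so that only the `S:` part remains), as an added Python sketch that is not code from the thread. It assumes entries in the `[File Security]` section have the form `"path",mode,"SDDL"`; the sample template, its paths and its ACEs are constructed for illustration.

```python
import re

# Constructed sample of a saved security template; paths and ACEs are illustrative.
SAMPLE_TEMPLATE = r'''[Version]
signature="$CHICAGO$"
[File Security]
"D:\Data",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)S:AR(AU;OICISAFA;WDSD;;;WD)"
"%SystemDrive%\Logs",0,"D:AR(A;OICI;FA;;;SY)"
'''

ENTRY = re.compile(r'^"(?P<path>[^"]*)",(?P<mode>\d),"(?P<sddl>[^"]*)"$')

def split_sddl(sddl):
    """Return [(tag, text)] for the top-level O:, G:, D:, S: components."""
    depth, starts = 0, []
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == ":" and depth == 0 and i > 0 and sddl[i - 1] in "OGDS":
            starts.append(i - 1)  # a colon outside any ACE marks a component tag
    ends = starts[1:] + [len(sddl)]
    return [(sddl[s], sddl[s:e]) for s, e in zip(starts, ends)]

def strip_dacl(sddl):
    """Drop the D: component; return None when no SACL would remain."""
    parts = split_sddl(sddl)
    if not any(tag == "S" for tag, _ in parts):
        return None
    return "".join(text for tag, text in parts if tag != "D")

def sacl_only_template(text):
    """Rewrite [File Security] entries to SACL-only; report entries left untouched."""
    out, skipped, section = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        m = ENTRY.match(stripped) if section == "file security" else None
        if m:
            new = strip_dacl(m["sddl"])
            if new is None:
                skipped.append(m["path"])  # no SACL: leave for manual review
            else:
                line = '"%s",%s,"%s"' % (m["path"], m["mode"], new)
        out.append(line)
    return "\n".join(out) + "\n", skipped
```

Entries that carry no `S:` component are returned unchanged and listed in `skipped`, so a template that would still push a DACL is caught before it is imported into a GPO.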


