Announcement

Collapse
No announcement yet.

AD Folder logging

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Folder logging

    Hello gurus,

    First time poster here. I had a dilemma to log anyone who has administrator right that changes any shared folder. Can this be done through event viewer logging?

    I had 6 of my users complaining that their network folder has been compromised.
    that said individual users Folder sharing permission and security are setup to their own only AD user account.

    I wanted if i can have a logging system that logs who ever changes the Folder settings and add their own usernames to have access to someone's folder.

    We have a couple's of username that has administrator privileges for some reasons.

    Any suggestions is greatly appreciated!

    Thanks!
    Jr.

  • #2
    Re: AD Folder logging

    I don't know how many users you are dealing with, but if I was in your situation I would review the account permissions first and determine who should have the right to view and change permissions on shared folders.

    You say "We have a couple's of username that has administrator privileges for some reasons" - why not remove administrative rights from their accounts if they should not have them?
    A recent poll suggests that 6 out of 7 dwarfs are not happy

    Comment


    • #3
      Re: AD Folder logging

      The 5 users who uses admin privileges had an engineering softwares that needs it.

      i just want to make sure it won't happen again and i need something to back me up
      if ever someone make changes on the folder of other users.
      i'd like to know if this is doable by activating auditing on security logs.
      I want to know which users are changing the Folder permission on the AD server.

      Thanks!
      Jr

      Comment


      • #4
        Re: AD Folder logging

        Originally posted by yvchsama View Post
        The 5 users who uses admin privileges had an engineering softwares that needs it.

        i just want to make sure it won't happen again and i need something to back me up
        if ever someone make changes on the folder of other users.
        i'd like to know if this is doable by activating auditing on security logs.
        I want to know which users are changing the Folder permission on the AD server.

        Thanks!
        Jr
        Well, permissions can be set granularly so you can still configure them so that users do not have permission to change these settings

        When you say that they need need admin permissions because they need to use software that requires it - you don't need to give them domain admin permissions. They can have local admin permissions which will not allow them to change shared folder permissions on another machine.

        Are these shares located on a W2k3 server? Is the software installed locally?

        I still think it would be better to eliminate the source of the problem and prevent users from changing these settings rather than trying to catch them out.

        When was the last time you changed the domain admin pasword? Who else is a member of the domain administrators group?
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: AD Folder logging

          Originally posted by yvchsama View Post
          Hello gurus,

          First time poster here. I had a dilemma to log anyone who has administrator right that changes any shared folder. Can this be done through event viewer logging?

          I had 6 of my users complaining that their network folder has been compromised.
          that said individual users Folder sharing permission and security are setup to their own only AD user account.

          I wanted if i can have a logging system that logs who ever changes the Folder settings and add their own usernames to have access to someone's folder.

          We have a couple's of username that has administrator privileges for some reasons.

          Any suggestions is greatly appreciated!

          Thanks!
          Jr.
          Use auditting. Enable object access under secpol.msc. That will append an event to the eventvwr under security.

          Comment


          • #6
            Re: AD Folder logging

            Thank you guys! I did enable the object access and that will do for
            us for the moment.

            Thanks!
            Jr

            Comment

            Working...
            X