Domain Admins Changing File Permissions

  • Domain Admins Changing File Permissions

    I'm fairly certain there's a way for me to check to see if a domain admin changed permissions on a file. I just don't know what to specifically look for. I'm looking through my log files and can't pinpoint anything. This is my scenario...

    User A has domain admin rights, which were given for her job as a software package admin. This was done prior to me being here and I'm not sure if she still needs it.
    User B is in our Payroll dept and needs access to a certain spreadsheet in a locked down folder.
    I granted User B full access to that folder by putting her in a security group that has full access. I then granted her full access to that specific file. She was able to access it for about a month.

    Two days ago, User B contacts me and says, "I no longer have access to that spreadsheet, I get this error (insert permissions error)."
    I logged in and granted her access that night.
    She tried to access it last night and got the same error.
    I went and checked permissions and her name is gone from the permissions list.

    I just granted her full access permissions for that file and she can access it as of this point.

    What I think is going on is this: User A is logging in and changing permissions for some reason. (I know the reason but I won't bore y'all with it.)

    I've got to be able to prove that is what she's doing. I know it can be done, like I said, I just don't know what to look for and in what log file.

    Any help, my masters?
    I'd rather check my Facebook than face my checkbook...

    Thanks,
    Todd

  • #2
    Have you enabled auditing of object access (via group policy and also on the file)? If so, you have the option to audit changes to permissions, ownership, etc., but it is not retroactive.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Originally posted by Ossian
      Have you enabled auditing of object access (via group policy and also on the file)? If so, you have the option to audit changes to permissions, ownership, etc., but it is not retroactive.
      Unfortunately, no, I don't have auditing enabled. I think I'm going to do that now and see what happens. There's a better than average chance that User A will go in and revert the changes... That is if she even knows how to do that. At this point, I'm not sure.
      I'd rather check my Facebook than face my checkbook...

      Thanks,
      Todd
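
The auditing approach suggested in #2, as an added example that is not part of the original thread: it enables file system object-access auditing, adds an audit entry (SACL) on the file for permission and ownership changes, and later reads Security event ID 4670 ("Permissions on an object were changed") to see which account made the change. The path is a hypothetical placeholder, and the commands are assumed to run elevated on the server that hosts the file.

```powershell
# Added example; $Path is a hypothetical placeholder for the audited file,
# given as the local path on the file server (that is what the event records).
$Path = 'D:\Shares\Payroll\example.xlsx'

# 1. Enable the "File System" object-access subcategory. This sets local
#    policy; a domain GPO that defines advanced audit policy will override it.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit rule on the file: log every successful change of
#    permissions or ownership, whoever makes it.
$acl  = Get-Acl -Path $Path -Audit
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership',
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. After the next incident: list who changed the permissions and when.
#    Auditing is not retroactive, so only changes made after step 2 appear.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4670 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named data fields into a lookup table.
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        if ($fields['ObjectName'] -eq $Path) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Account = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
                Process = $fields['ProcessName']
                OldSddl = $fields['OldSd']   # security descriptor before the change
                NewSddl = $fields['NewSd']   # security descriptor after the change
            }
        }
    }
```

Because a domain admin can also clear the Security log or remove the audit entry, forwarding these events to another system keeps the record out of that account's reach.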
