Auditing Specific Events - Page 2

By Brien M. Posey | Posted Nov 10, 2000
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

As you can see, you can audit quite a few actions. Because some of the actions may be a bit unclear, and because other actions aren't listed in the figure, I'll describe each action:

  • Traverse Folder/Execute File--In the case of a folder, this event is triggered when a member of the group tries to pass through the folder in an attempt to reach a subfolder or parent folder. If this window were for a file, the event would be triggered if a member of the group tried to run the program.

  • List Folder/Read Data--In the case of a folder, the event is triggered when a member of the group tries to view the contents of the folder. In the case of a file, the event is triggered when a member of the group tries to read data from within the file.

  • Read Attributes and Read Extended Attributes--This event is triggered when a member of the group tries to display the attributes (or extended attributes) of the file or folder.

  • Create Files/Write Data--This event is triggered when a member of the group tries to create files in the folder or add data to the file.

  • Create Folders/Append Data--This event refers to the condition in which a member of the group either creates a subfolder within the existing folder or appends data to the end of the file without overwriting any of the file's existing data.

  • Write Attributes and Write Extended Attributes--These events refer to a member of the group trying to change the file or directory's attributes or extended attributes.

  • Delete Subfolders and Files--This event is triggered when a member of the group deletes a file or subdirectory within an audited directory.

  • Delete--The Delete action is logged when a group member tries to delete a file or folder.

  • Read Permissions--This event is logged when a group member tries to see who has permissions to a file or folder, or if the group member tries to determine the owner of the file or folder.

  • Change Permissions--This event is logged when a group member tries to change who has access to a file or folder.

  • Take Ownership--The Take Ownership event is triggered when a group member attempts to take ownership of a file or folder.

Remember that you can audit either successes (for example, the file was deleted) or failures (Bob tried to delete a file) or both for any event. In Part 4 of this series, I'll continue the discussion by talking about auditing Active Directory objects. //

Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.

Actions You Can Audit

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter