dcsimg

Auditing Specific Events - Page 2

 By Brien M. Posey | Posted Nov 10, 2000
Page 2 of 2   |  Back to Page 1
Print Article

WEBINAR:
On-Demand

EUC with HCI: Why It Matters


As you can see, you can audit quite a few actions. Because some of the actions may be a bit unclear, and because other actions aren't listed in the figure, I'll describe each action:

  • Traverse Folder/Execute File--In the case of a folder, this event is triggered when a member of the group tries to pass through the folder in an attempt to reach a subfolder or parent folder. If this window were for a file, the event would be triggered if a member of the group tried to run the program.

  • List Folder/Read Data--In the case of a folder, the event is triggered when a member of the group tries to view the contents of the folder. In the case of a file, the event is triggered when a member of the group tries to read data from within the file.

  • Read Attributes and Read Extended Attributes--This event is triggered when a member of the group tries to display the attributes (or extended attributes) of the file or folder.

  • Create Files/Write Data--This event is triggered when a member of the group tries to create files in the folder or add data to the file.

  • Create Folders/Append Data--This event refers to the condition in which a member of the group either creates a subfolder within the existing folder or appends data to the end of the file without overwriting any of the file's existing data.

  • Write Attributes and Write Extended Attributes--These events refer to a member of the group trying to change the file or directory's attributes or extended attributes.

  • Delete Subfolders and Files--This event is triggered when a member of the group deletes a file or subdirectory within an audited directory.

  • Delete--The Delete action is logged when a group member tries to delete a file or folder.

  • Read Permissions--This event is logged when a group member tries to see who has permissions to a file or folder, or if the group member tries to determine the owner of the file or folder.

  • Change Permissions--This event is logged when a group member tries to change who has access to a file or folder.

  • Take Ownership--The Take Ownership event is triggered when a group member attempts to take ownership of a file or folder.

Remember that you can audit either successes (for example, the file was deleted) or failures (Bob tried to delete a file) or both for any event. In Part 4 of this series, I'll continue the discussion by talking about auditing Active Directory objects. //

Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.

Actions You Can Audit

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.