Managing File Systems
File and Folder Permissions
Auditing
- The Advanced Security Settings dialog box provides a way for you (if you are an Administrator) to monitor access to files and folders through the Event Log. The Auditing tab lets you specify users and access types to monitor, and decide whether to record log entries for successful access, failure to access, or both. Auditing can be set for the use of each access attribute that you can set with Permissions: List Folder, Write Data, and so on.
- Auditing is useful in several situations:
- To determine what files and folders an errant application program is attempting to use
- To monitor users for attempts to circumvent security
- To keep a record of access to important documents
- To enable auditing, locate the folder or file you want to monitor, view the Security tab of its Properties dialog box, click Advanced, view the Auditing tab, click Continue, and click Add. On the Object tab of the Auditing Entry dialog box, select a specific user or group (or Everyone), click OK, and check the desired events to audit from the Access options, and click OK again.
- You can prevent a new audit setting from propagating into subfolders by checking Apply These Auditing Entries to Objects and/or Containers Within This Container Only. You can enable the resetting of audit properties of all subfolders and files by checking Replace All Existing Auditing Inheritable Auditing Entries on All Descendants With Inheritable Auditing Entries From This Object on the Auditing tab of the Advanced Security Settings dialog box.
- An entry is made in the Security Event log for each audited access, so be careful if you are enabling auditing on the entire hard drive!