Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Monitor file system changes
Monitor file system changes [message #159851] Mon, 10 August 2009 15:12 Go to next message
Dean  is currently offline Dean
Messages: 25
Registered: July 2009
Junior Member
Hello,

I'm not 100% sure this is the correct discussion group but I thought I would
try here first. I am trying to find out if there is a way to be alerted by
some installable Microsoft tool when a user makes a change to critical files
on a file server or a domain admin modifies logon scripts. I know these are
kind of 2 different questions I just wanted to start here.

TIA,
Dean
Re: Monitor file system changes [message #159857 is a reply to message #159851] Mon, 10 August 2009 17:34 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Dean" <Dean@discussions.microsoft.com> wrote in message
news:8FA4AC08-1C8F-4F7B-9534-47A19EA2DEFC@microsoft.com...
> Hello,
>
> I'm not 100% sure this is the correct discussion group but I thought I
> would
> try here first. I am trying to find out if there is a way to be alerted
> by
> some installable Microsoft tool when a user makes a change to critical
> files
> on a file server or a domain admin modifies logon scripts. I know these
> are
> kind of 2 different questions I just wanted to start here.
>
> TIA,
> Dean


Well, yes and no as far as which newsgrouup. But you're ok here. Auditing is
your answer for both parts. There is AD auditing, and then there's file
system and other resource auditing. Auditing events, will show up in the
Event logs.

The following are my notes on Auditing.

============================================================ ======
Auditing

AccessEnum for folders:
http://technet.microsoft.com/en-us/sysinternals/bb897332.asp x

ShareEnum for shares:
http://technet.microsoft.com/en-us/sysinternals/bb897442.asp x

An appropriate need for eventcombnt as opposed to searching through 11 DCs
everytime.
http://technet.microsoft.com/en-us/security/cc297183.aspx

Logon Type Codes Revealed (EventIDs)
http://www.windowsecurity.com/articles/Logon-Types.html

Audit logon events: Security Configuration Editor; Security ServicesJan 21,
2005
If both account logon and logon audit policy categories are enabled, logons
that use a domain account generate a logon or logoff event on ...
http://technet.microsoft.com/en-us/library/cc787567.aspx

Audit logon events
If you are auditing successful Audit account logon events on a domain
controller, then workstation logons do not generate logon audits. ...
http://technet.microsoft.com/en-us/library/cc976395.aspx

Audit account logon events
http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx

How to Enable Success Logon Event Logging Dec 1, 2008
To enable success logon event logging using a local security policy ...
In the results pane, double-click Audit logon events and ensure that ...
http://technet.microsoft.com/en-us/library/cc431373.aspx

Auditing Security Events Best practices: Auditing Jan 21, 2005
For information about how to enable auditing in the logon event category,
see Define or modify auditing policy settings for an event ...
http://technet.microsoft.com/en-us/library/cc778162.aspx

---

Which DC joined my machine to the domain?

Check the netsetup.log in % SystemRoot %\debug folder.
Also enable Auditing for Account management on the Default domain
controllers GPO.
============================================================ ======

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Monitor file system changes [message #159874 is a reply to message #159851] Tue, 11 August 2009 06:06 Go to previous message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi Dean,

SCOM may be the answer for what you want, have a look at SCOM newsgroups to
help you with that task. You also can build your own alerts deppind what
you're looking for.

--
I hope that the information above helps you.
Have a Nice day.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Jorge Silva
MVP Directory Services
"Dean" <Dean@discussions.microsoft.com> wrote in message
news:8FA4AC08-1C8F-4F7B-9534-47A19EA2DEFC@microsoft.com...
> Hello,
>
> I'm not 100% sure this is the correct discussion group but I thought I
> would
> try here first. I am trying to find out if there is a way to be alerted
> by
> some installable Microsoft tool when a user makes a change to critical
> files
> on a file server or a domain admin modifies logon scripts. I know these
> are
> kind of 2 different questions I just wanted to start here.
>
> TIA,
> Dean
Previous Topic:KMS error
Next Topic:dfs root does not exist
Goto Forum:
  


Current Time: Tue Jan 16 04:16:34 MST 2018

Total time taken to generate the page: 0.02250 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software