Read this whole guide offline with no ads, for a very low price!
Click Here!

Custom Search







Table Of Contents  CertiGuide to A+ (A+ 4 Real)
 9  Chapter 1: What are Operating Systems and How Do They Work?
      9  File Attributes
           9  NTFS File Permissions

Previous Topic/Section
Advanced Permissions
Previous Page
Pages in Current Topic/Section
1
Next Page
Enabling Auditing
Next Topic/Section

Object Access Auditing

To complement access controls, NTFS also supports object access auditing. By adding users to the audit list and selecting actions to audit, Windows will write an event to the Event Log every time an auditable action occurs. This is an extremely useful feature, as it is essential to have a comprehensive audit trail of access to sensitive data. To configure auditing, click on the “Auditing” tab in the Advanced Access Controls dialog. By default, nothing is audited, so click the “Add” button to select a user from the usual user and group selection dialog. For this example, we will use the local Administrator account again. After selecting a user or group and clicking “OK”, you are prompted to select which events should be audited. The dialog is identical to the “Advanced Permissions” dialog, except that instead of Allow and Deny there are Success and Failure check boxes. In this context Success is when a user completes an action (such as deleting a file), whilst Failure is when the user was prevented from doing so by permissions (because the user has not been granted the delete permission on the file).

Figure 154: Simulation: NFTS Folder Properties – Step 7

 


To demonstrate the principle of auditing we will audit the “Read Data” action on the test file. Tick the checkbox corresponding to success for “List Folder/Read Data”, and click “OK”. The Advanced Access Controls dialog reappears with a new entry in the Auditing window corresponding to the audit entry just created. Click “OK” to dismiss the Advanced Access Controls dialog, and click “OK” to dismiss the test file properties dialog.


Previous Topic/Section
Advanced Permissions
Previous Page
Pages in Current Topic/Section
1
Next Page
Enabling Auditing
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to A+ (A+ 4 Real) from StudyExam4Less.com. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide to A+ (A+ 4 Real) (http://www.CertiGuide.com/apfr/) on CertiGuide.com
Version 1.0 - Version Date: March 29, 2005

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.