Security Basics mailing list archives
RE: Network Folder Security
From: "Kevin Wetzel" <kevin () isptoolz com>
Date: Thu, 4 May 2006 18:00:17 -0400 (EDT)
Load ntsyslog and send all auditing events to a linux system and review that instead of your logs. Its "nearly" invisible. That way you can see who did it on your syslog server even if they delete the windows logs on the server... Kevin Wetzel ISP Toolz http://www.isptoolz.com/ P 202-558-4061 F 202-478-0781
How familiar are you with enabling and configuring event auditing? That will cause selected events to be recorded in the Security Event Log. [If the perpetrator is using an administrator account, they can purge the logs, but it should be pretty obvious that they have done so....] David Gillett-----Original Message----- From: Ruiz, Rolando [mailto:rolando_ruiz () jetaviation com] Sent: Wednesday, May 03, 2006 1:28 PM To: gillettdavid () fhda edu; john () johnmachell wanadoo co uk; security-basics () securityfocus com Subject: Network Folder Security Hello security community, I wonder if anyone can help me police my own staff. I find that changes happen to folder security after they have been set. Someone is obviously going in there and changing things and not confessing that they have. I suspect there is a disgruntle employee or two making these changes. Is there a way (easy or difficult) to see who has made changes to a folder's security settings? Regards, Rolando Ruiz Information Technology
Kevin Wetzel ISP Toolz Consulting http://www.isptoolz.com/ Phone: (202)558-4061 Fax: (202)478-0781
Current thread:
- Network Folder Security Ruiz, Rolando (May 04)
- RE: Network Folder Security David Gillett (May 04)
- RE: Network Folder Security Kevin Wetzel (May 04)
- RE: Network Folder Security Anthony J Placilla (May 05)
- RE: Network Folder Security Kevin Wetzel (May 04)
- Re: Network Folder Security Raoul Armfield (May 08)
- Re: Network Folder Security Bill Cullen (May 16)
- RE: Network Folder Security David Gillett (May 04)