RE: Network Folder Security

["Kevin Wetzel" <kevin () isptoolz com>]

Load ntsyslog and send all auditing events to a linux system and review
that instead of your logs. Its "nearly" invisible. That way you can see
who did it on your syslog server even if they delete the windows logs on
the server...


Kevin Wetzel
ISP Toolz
http://www.isptoolz.com/
P 202-558-4061
F 202-478-0781

>   How familiar are you with enabling and configuring event
> auditing?  That will cause selected events to be recorded in
> the Security Event Log.  [If the perpetrator is using an
> administrator account, they can purge the logs, but it should
> be pretty obvious that they have done so....]
>
> David Gillett
>
>
> > -----Original Message-----
> > From: Ruiz, Rolando [mailto:rolando_ruiz () jetaviation com]
> > Sent: Wednesday, May 03, 2006 1:28 PM
> > To: gillettdavid () fhda edu; john () johnmachell wanadoo co uk;
> > security-basics () securityfocus com
> > Subject: Network Folder Security
> >
> > Hello security community,
> >
> > I wonder if anyone can help me police my own staff. I find
> > that changes happen to folder security after they have been
> > set. Someone is obviously going in there and changing things
> > and not confessing that they have. I suspect there is a
> > disgruntle employee or two making these changes. Is there a
> > way (easy or difficult) to see who has made changes to a
> > folder's security settings?
> >
> > Regards,
> >
> >
> >
> > Rolando Ruiz
> >
> > Information Technology


Kevin Wetzel
ISP Toolz Consulting
http://www.isptoolz.com/
Phone: (202)558-4061
Fax: (202)478-0781