You enable auditing from the User Manager for Domains Auditing
Policy dialog box. Through auditing, you can track Advanced Server
security events. You can specify that an audit entry is to be written
to the security event log whenever certain actions are performed
or files are accessed.
An audit entry shows the activity that occurred, the user
who performed the action, and the date and time of the activity.
You can audit both successful and failed attempts. The audit trail
can show who actually performed actions on the network and who tried
to perform actions that are not permitted.
Events are not audited by default. If you have Administrator
permission, you can specify which types of system events
are audited through User Manager for Domains.
The Audit policy determines the amount and type of security
logging that Advanced Server performs. For file and object access,
you can specify which files and printers to monitor, which types
of file and object access to monitor, and for which users or groups.
For example, when File and Object Access auditing is enabled, you
can use the Security tab in a file or folder's Properties
dialog box (accessed through Explorer) to specify which files
are audited and what type of file access is audited for those files.
Managing the Audit Policy |
 |
Advanced Server/9000 can record a range of event types, from
a system-wide event, such as a user logging on, to an attempt by
a particular user to read a specific file. Both successful and unsuccessful
attempts to perform an action can be recorded.
You can use the Audit policy to select the types of security
events to audit. When an audited event occurs, an entry is added
to the computer's security log. The security log can be
viewed with Event Viewer.
Because the security log is limited in size, carefully select
the events to be audited and consider the amount of disk space you
are willing to devote to the security log. The maximum size of the
security log is defined in Event Viewer. .
For more information on setting the Audit policy, see Chapter 2,
"Managing Advanced Server Domains," and "Managing
the Audit Policy" in User Manager for Domains Help.
Auditing File and Folder Access |
|
You can audit the access of files and folders on NTFS volumes
and network drivers to identify who took various types of actions
with the files and folders and hold those users accountable for
their actions.
When you audit a file or folder, an entry is written to the
Advanced Server/9000 security log whenever the file or folder is
accessed in a certain way. You determine which files and folders
to audit, whose actions to audit, and exactly which types of actions
are audited.
To set auditing on a file or folder, use User Manager for
Domains to enable auditing of File and Object Access, and then use
Explorer to specify which files to audit and which type of file
access events to audit. To view audit entries, use the Event Viewer.
You can audit the following types of directory and file access
for successful and failed attempts:
For more information about auditing printers, see Chapter 6,
"Setting Up Print Servers."
Printable version
