Info

Cjear Ai

and/or containers within this container only

Figure 23-3: Select the Successful or Failed checkbox as needed to configure auditing for each event type for the selected object.

4. Select Successful for a given event if you want to record the successful completion of the event. Select Failed to monitor failed attempts. Selecting the "Apply these auditing entries to objects and/or containers within this container only" checkbox applies auditing to only the contents of the selected container (such as the files in the selected folder). The contents of subfolders are audited unless this option is selected. After you're satisfied with the audit event selections, click OK.

As you're defining the audit policy for a selected object, keep in mind that you could potentially generate a huge number of events in the security log. Unless you have a specific reason to audit success on a given event, consider auditing only failure to reduce traffic to the log and load on the computer. Auditing failed access is typically most useful for tracking attempts at unauthorized access.

Repeat the preceding steps to add other users, groups, or computers to the list. In the Advanced Security Settings dialog box (see Figure 23-4) are the following two options that control how auditing entries are affected by the parent object and how they affect child objects:

♦ Allow inheritable auditing entries from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here. Select this option if you want auditing properties to be inherited by the current object from its parent object. Deselect this option to prevent audit properties from being inherited.

♦ Replace auditing entries on all child objects with entries shown here that apply to child objects. Select this option to clear and audit properties configured within child objects (such as subfolders) and to enable the audit properties for the current object to propagate to child objects.

Close the object's property sheets after you finish defining the audit policy for the object. Auditing begins immediately.

Advanced Security Settings for Public

Permissions Auditing |0wier] Effective Permissions] To view more nfoimotion about special auditing entries, select an audting entry, and then click Edit. Auditing ertriei:

Permissions Auditing |0wier] Effective Permissions] To view more nfoimotion about special auditing entries, select an audting entry, and then click Edit. Auditing ertriei:

T«JB

1 Name

1 Access

I Inherited From

1 AH* TO

Success

Users (M CI TYUJsers)

Special

< not inherited>

This folds, subí old..

Allow inheritable auditing ertries from the parent to propagate to this otaect and al child objeds Include ihese with entries explicitly defined here.

Allow inheritable auditing ertries from the parent to propagate to this otaect and al child objeds Include ihese with entries explicitly defined here.

Refilace auditng entries on al child objects wiUh entries shown hae that apply to child objects

Leain mc*e about auditing

Apply

Figure 23-4: Use the Auditing tab of the Advanced Security Settings dialog box to configure auditing for a selected object.

Was this article helpful?

0 0

Post a comment