(0) exportieren Drucken
Alle erweitern

Monitor the Central Access Policies Associated with Files and Folders

Letzte Aktualisierung: August 2012

Betrifft: Windows 8, Windows Server 2012

This topic describes how to monitor changes to the central access policies that are associated with files and folders. This security audit policy and the event that it records are generated when the central access policy that is associated with a file or folder is changed. This security audit policy is useful for situations where an administrator wants to monitor potential changes on some, but not all, files and folders on a file server. To monitor potential central access policy changes for an entire file server, see Monitor the Central Access Policies that Apply on a File Server.

The following procedures describe how to configure monitoring of central access policies associated with files.

noteHinweis
To configure central access policy monitoring, you must have configured and deployed Dynamic Access Control in your network. For more information about how to configure and deploy Dynamic Access Control, see Dynamic Access Control: Scenario Overview.

  1. Sign in to the domain controller with domain administrator permissions.

  2. In Server Manager, point to Tools, and then click Group Policy Management.

  3. In the console tree, right-click the flexible access Group Policy Object, and then click Edit.

  4. Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, double-click Policy Change, and then double-click Audit Authorization Policy Change.

  5. Select the Configure the following audit events check box, select the Success and, if desired, the Failure check boxes, and then click OK.

  6. Enable auditing for a file or folder as described in the following procedure.

  1. Sign in to the computer that contains the files or folders that you want to audit as a member of the local administrators group.

    Open a File Explorer window and select or create a file or folder to audit.

    Right-click the file or folder, click Properties, and then click the Security tab.

    Click Advanced, and then click the Auditing tab.

    If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

    Click Add, type a user name or group name in the format contoso\user1, and then click OK.

    In the Auditing Entries for dialog box, select the permissions that you want to audit, such as Full Control or Delete.

    Click OK four times to complete configuration of the object SACL.

  2. Open an elevated command prompt, and run the following command:

    gpupdate /force

The following procedure describes how to verify that changes to central access policies that are associated with the files or folders are being monitored.

  1. Sign in to the computer that contains the files or folders that you want to audit as a member of the local administrators group.

  2. Open a File Explorer window and select the file or folder that you configured for auditing in the previous procedure.

  3. Right-click the file or folder, click Properties, click the Security tab, and then click Advanced.

  4. Click the Central Policy tab, click Change, and select a different central access policy (if one is available), or No Central Access Policy, and then click OK two times.

    noteHinweis
    You must select a setting that is different than your original setting to generate the audit event.

  5. In Server Manager, click Tools, and then click Event Viewer.

  6. Expand Windows Logs, and then click Security.

  7. Look for event 4913, which is generated when the central access policy that is associated with a file or folder is changed. This event includes the security identifiers (SIDs) of the old and new central access policies.

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.

Community-Beiträge

Microsoft führt eine Onlineumfrage durch, um Ihre Meinung zur MSDN-Website zu erfahren. Wenn Sie sich zur Teilnahme entscheiden, wird Ihnen die Onlineumfrage angezeigt, sobald Sie die MSDN-Website verlassen.

Möchten Sie an der Umfrage teilnehmen?
Anzeigen:
© 2014 Microsoft