File and printer Auditing

File Auditing
_____________
The file or folder to be audited must be on an NTFS file system.
Failure and success of the following file events can be audited by User/Group:

Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Files / Write Data
Write Attributes
Write Extended Attributes
Delete Subfolders and Files
Delete
Read Permissions
Change Permissions
Take Ownership
Auditing settings are inherited from parent folders into sub folders or files contained in the parent folder(s).
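
The same settings can be scripted. The following is an added example, not part of the original post: it checks that the target is on NTFS, adds a success-and-failure audit entry for one group, and lets subfolders and files inherit it. The function name Add-FolderAuditRule, the folder C:\AuditDemo and the default rights chosen are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run in an elevated session:
# reading or writing audit entries needs the "Manage auditing and security log" right.
# Events are only written to the Security log if object-access auditing is
# enabled in the computer's audit policy.
function Add-FolderAuditRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Identity = 'Everyone',
        # Defaults map to Delete, Delete Subfolders and Files,
        # Change Permissions and Take Ownership from the list above.
        [System.Security.AccessControl.FileSystemRights] $Rights =
            'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    )
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Audit entries require NTFS, so refuse any other file system.
    # Assumes a local drive-letter path (DriveInfo does not accept UNC roots).
    $root = [System.IO.Path]::GetPathRoot($full)
    $fs   = (New-Object System.IO.DriveInfo($root)).DriveFormat
    if ($fs -ne 'NTFS') { throw "$full is on $fs, not NTFS; it cannot be audited." }

    # ContainerInherit + ObjectInherit: subfolders and files inherit the entry.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Identity, $Rights, $inherit, $propagate, $flags)

    # -Audit makes Get-Acl load the audit entries as well as the permissions.
    $acl = Get-Acl -LiteralPath $full -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $full -AclObject $acl
}

# Demonstration on a hypothetical folder.
$demo = 'C:\AuditDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Add-FolderAuditRule -Path $demo

# A file created afterwards picks up the entry from its parent folder;
# IsInherited shows whether an entry was set directly or inherited.
New-Item -ItemType File -Path "$demo\child.txt" -Force | Out-Null
(Get-Acl -LiteralPath "$demo\child.txt" -Audit).Audit |
    Format-List IdentityReference, FileSystemRights, AuditFlags, IsInherited
```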

Printer Auditing
________________
Auditing on printers can be controlled from the “Printers” folder.
Failure and success of the following events can be audited by User/Group:

Print
Manage Printers
Manage Documents
Read Permissions
Change Permissions
Take Ownership

Viewing the Audit Log
_____________________
Type eventvwr at the command prompt, or use the administrative tool “Event Viewer”, to view the logs. Highlight “Security Log” in the left pane. Events may be filtered by selecting “View” and “Filter”, then clicking the “Filter” tab. Events may be filtered by:

Source
Category
Event ID
User
Computer
Types, including any of the checkboxes: Information, Warning, Error, Success audit, and Failure audit.

Security Configuration and Analysis
___________________________________
The “Security Configuration and Analysis” tool is used to analyze a computer's security configuration.

The MMC “Security Templates” snap-in must be previously installed. Once installed, it is the administrative tool called “Security Console”.
The MMC “Security Configuration and Analysis” snap-in must be installed to the “Security Console” by starting it from “Administrative Tools”, then selecting “Console” and “Add/Remove snap-in”.
A database in the snap-in must be created by selecting “Administrative Tools”, “Security Console”, then “Action” and “Open database”.
To perform the analysis against a template, open a database, then select “Action”, and “Analyze Computer Now”.
To apply settings from a template, open a database that has the settings you want to apply to the computer, then select “Action”, and “Configure Computer Now”.

Secedit Command Line Tool
_________________________
This has been changed to Gpupdate.

D:\Documents and Settings\Admin>gpupdate /?
Microsoft (R) Windows (R) Operating System Group Policy Refresh Utility v5.1
(C) Microsoft Corporation. All rights reserved.

Description:  Refreshes Group Policies settings.

Syntax:  GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]
         [/Logoff] [/Boot] [/Sync]

Parameters:

Value                      Description
/Target:{Computer | User}  Specifies that only User or only Computer
                           policy settings are refreshed. By default,
                           both User and Computer policy settings are
                           refreshed.

/Force                     Reapplies all policy settings. By default,
                           only policy settings that have changed are
                           applied.

/Wait:{value}              Sets the number of seconds to wait for policy
                           processing to finish. The default is 600
                           seconds. The value '0' means not to wait.
                           The value '-1' means to wait indefinitely.
                           When the time limit is exceeded, the command
                           prompt returns, but policy processing
                           continues.

/Logoff                    Causes a logoff after the Group Policy settings
                           have been refreshed. This is required for
                           those Group Policy client-side extensions
                           that do not process policy on a background
                           refresh cycle but do process policy when a
                           user logs on. Examples include user-targeted
                           Software Installation and Folder Redirection.
                           This option has no effect if there are no
                           extensions called that require a logoff.

/Boot                      Causes a reboot after the Group Policy settings
                           are refreshed. This is required for those
                           Group Policy client-side extensions that do
                           not process policy on a background refresh cycle
                           but do process policy at computer startup.
                           Examples include computer-targeted Software
                           Installation. This option has no effect if
                           there are no extensions called that require
                           a reboot.

/Sync                      Causes the next foreground policy application to
                           be done synchronously. Foreground policy
                           applications occur at computer boot and user
                           logon. You can specify this for the user,
                           computer or both using the /Target parameter.
                           The /Force and /Wait parameters will be ignored
                           if specified.

Posted on April 17, 2011, in Uncategorized.