Windows Server 2008 Inside Out- P13

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

0
37
lượt xem
10
download

Windows Server 2008 Inside Out- P13

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'windows server 2008 inside out- p13', công nghệ thông tin, quản trị mạng phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Windows Server 2008 Inside Out- P13

  1. Managing File and Folder Permissions 567 Managing File and Folder Permissions You can think of file and folder permissions as the base-level permissions—the permis- sions that are applied no matter what. For NTFS volumes, you use fi le and folder per- missions and ownership to further constrain actions within the share as well as share permissions. For FAT volumes, share permissions provide the only access controls. The reason for this is that FAT volumes have no file and folder permission capabilities. File and folder permissions are much more complex than share permissions, and to really understand how they can be used and applied, you must understand ownership and inheritance as well as the permissions that are available. SIDE OUT Changes to basic file and folder attributes are sometimes necessary As administrators, we often forget about the basic file and folder attributes that can be assigned. However, basic file and folder attributes can affect access, so let’s look at these attributes first and then at the file and folder permissions you can apply to NTFS volumes. All files and folders have basic attributes regardless of whether you are work- ing with FAT or NTFS. These attributes can be examined in Windows Explorer by right- clicking the file or folder icon and then selecting Properties. Folder and file attributes include Hidden and Read-Only. Hidden determines whether the file is displayed in file listings. You can override this by telling Windows Explorer to display hidden files. On NTFS, the Read-Only attribute for folders is initially shown as unavailable. Here, this means the attribute is in a mixed state regardless of the current state of files in the folder. If you override the mixed state by selecting the Read-Only check box for a folder, all files in the folder will be read-only. If you override the mixed state and clear the Read-Only check box for a folder, all files in the folder will be writable. File and Folder Ownership Chapter 17 Before working with fi le and folder permissions, you should understand the concept of ownership as it applies to fi les and folders. In Windows Server 2008, the fi le or folder owner isn’t necessarily the file or folder’s creator. Instead, the file or folder owner is the person who has direct control over the file or folder. File or folder owners can grant access permissions and give other users permission to take ownership of a file or folder. The way ownership is assigned initially depends on where the file or folder is being created. By default, the user who created the file or folder is listed as the current owner. Ownership can be taken or transferred in several ways. Any administrator can take ownership. Any user or group with the Take Ownership permission can take owner- ship. Any user who has the right to Restore Files And Directories, such as a member of the Backup Operators group, can take ownership as well. Any current owner can trans- fer ownership to another user as well.
  2. 568 Chapter 17 File Sharing and Security Taking Ownership of a File or Folder You can take ownership using a file or folder’s Properties dialog box. Right-click the fi le or folder, and then select Properties. On the Security tab of the Properties dialog box, display the Advanced Security Settings dialog box by clicking Advanced. Next, on the Owner tab, click Edit to display an editable version of the Owner tab, as shown in Fig- ure 17-17. In the Change Owner To list box, select the new owner. If you’re taking own- ership of a folder, you can take ownership of all subfolders and files within the folder by selecting the Replace Owner On Subcontainers And Objects check box. Click OK twice when you are finished. Figure 17-17 Taking ownership is done by using the Owner tab. Transferring Ownership If you are an administrator or a current owner of a file or folder, you can transfer own- ership to another user by using a file or folder’s Properties dialog box. In Windows Explorer, right-click the file or folder, and then select Properties. On the Security tab of the Properties dialog box, display the Advanced Security Settings dialog box by click- Chapter 17 ing the Advanced button. Next, on the Owner tab, click Edit to display an editable ver- sion of the Owner tab, as shown in Figure 17-17. Click Other Users Or Groups to display the Select User, Computer, Or Group dialog box. Type the name of a user or group, and click Check Names. If multiple names match the value you entered, you’ll see a list of names and will be able to choose the one you want to use. Otherwise, the name will be filled in for you, and you can click OK to close the Select User, Computer, Or Group dialog box. Under Change Owner To on the Owner tab of the Advanced Security Settings dialog box, the user you added is listed and selected. When you click OK, ownership is transferred to this user.
  3. Managing File and Folder Permissions 569 Permission Inheritance for Files and Folders By default, when you add a folder or file to an existing folder, the folder or file inherits the permissions of the existing folder. For example, if the Domain Users group has access to a folder and you add a file to this folder, members of the Domain Users group will be able to access the file. Inherited permissions are automatically assigned when files and folders are created. When you assign new permissions to a folder, the permissions propagate down and are inherited by all subfolders and files in the folder and supplement or replace exist- ing permissions. If you add permissions on a folder to allow a new group to access a folder, these permissions are applied to all subfolders and files in the folder, meaning the additional group is granted access. On the other hand, if you were to change the permissions on the folder so that, for instance, only members of the Engineering group could access the folder, these permissions would be applied to all subfolders and files in the folder, meaning only members of the Engineering group would have access to the folder, its subfolders, and its files. Inheritance is automatic. If you do not want the permissions of subfolders and files within folders to supplement or replace existing permissions, you must override inheri- tance starting with the top-level folder from which the permissions are inherited. A top-level folder is referred to as a parent folder. Files and folders below the parent folder are referred to as child files and folders. This is identical to the parent/child structure of objects in Active Directory. Changing Shaded Permissions and Stopping Inheritance If a permission you want to change is shaded, the file or folder is inheriting the permis- sion from a parent folder. To change the permission, you must do one of the following: Access the parent folder and make the desired changes. These changes will then be inherited by child folders and files. Select the opposite permission to override the inherited permission if possible. In most cases, Deny overrides Allow, so if you explicitly deny permission to a user or group for a child folder or file, this permission should be denied to that user or Chapter 17 group of users. Stop inheriting permissions from the parent folder and then copy or remove exist- ing permissions as appropriate. To stop inheriting permissions from a parent folder, right-click the file or folder in Windows Explorer and then select Properties. On the Security tab of the Properties dialog box, click Advanced to display the Advanced Security Settings dialog box. On the Permissions tab, click Edit to display an editable version of the Permissions tab, as shown in Figure 17-18.
  4. 570 Chapter 17 File Sharing and Security Figure 17-18 Change inheritance as necessary. Clear the Include Inheritable Permissions From This Object’s Parent check box. As shown in Figure 17-19, you now have the opportunity to copy over the permissions that were previously applied or remove the inherited permissions and apply only the permissions that you explicitly set on the folder or file. Click Copy or Remove as appropriate. Figure 17-19 Copy over or remove the inherited permissions. Chapter 17 Resetting and Replacing Permissions Another way to manage permissions is to reset the permissions of subfolders and files within a folder, replacing their permissions with the current permissions assigned to the folder you are working with. In this way, subfolders and files get all inheritable permissions from the parent folder and all other explicitly defined permissions on the individual subfolders and files are removed. To reset permissions for subfolders and files of a folder, right-click the file or folder in Windows Explorer, and then select Properties. On the Security tab of the Properties dialog box, click Advanced to display the Advanced Security Settings dialog box. On the Permissions tab, click Edit to display an editable version of the Permissions tab.
  5. Managing File and Folder Permissions 571 Select Replace All Existing Inheritable Permissions…, and then click OK. As shown in Figure 17-20, you will see a prompt explaining that this action will remove all explicitly defined permissions and enable propagation of inheritable permissions. Click Yes. Figure 17-20 Confirm that you want to replace the existing permissions on subfolders and files. Configuring File and Folder Permissions On NTFS volumes, you can assign access permissions to files and folders. These per- missions grant or deny access to users and groups. Basic Permissions In Windows Explorer you can view basic permissions by right-clicking the file or folder you want to work with, selecting Properties on the shortcut menu, and then in the Properties dialog box selecting the Security tab, as shown in Figure 17-21. The Group Or User Names list shows groups and users with assigned permissions. If you select a group or user in this list, the applicable permissions are shown in the Permissions For list. If permissions are unavailable, it means the permissions are inherited from a par- ent folder as discussed previously. Chapter 17 Figure 17-21 The Security tab shows the basic permissions assigned to each user or group.
  6. 572 Chapter 17 File Sharing and Security The basic permissions you can assign to folders and fi les are shown in Table 17-1 and Table 17-2. These permissions are made up of multiple special permissions. Table 17-1 Basic Folder Permissions Permission Description Full Control This permission permits reading, writing, changing, and deleting files and subfolders. If a user has Full Control over a folder, she can delete files in the folder regardless of the permission on the files. Modify This permission permits reading and writing to files and subfolders; allows deletion of the folder. List Folder Contents This permission permits viewing and listing files and subfolders as well as executing files; inherited by folders only. Read & Execute This permission permits viewing and listing files and subfolders as well as executing files; inherited by files and folders. Write This permission permits adding files and subfolders. Read This permission permits viewing and listing files and subfolders. Table 17-2 Basic File Permissions Permission Description Full Control This permission permits reading, writing, changing, and deleting the file. Modify This permission permits reading and writing of the file; allows deletion of the file. Read & Execute This permission permits viewing and accessing the file’s contents as well as executing the file. Write This permission permits writing to a file. Giving a user permission to write to a file but not to delete it doesn’t prevent the user from deleting the file’s contents. Read This permission permits viewing or accessing the file’s contents. Read is the only permission needed to run scripts. Read access is required to access a shortcut and its target. Chapter 17 You can set basic permissions for files and folders by following these steps: 1. In Windows Explorer, right-click the file or folder you want to work with, and select Properties. In the Properties dialog box, select the Security tab, shown previously in Figure 17-21. 2. Click Edit to display an editable version of the Security tab. Users or groups that already have access to the file or folder are listed in the Name list box. You can change permissions for these users and groups by selecting the user or group you want to change and then using the Permissions list box to grant or deny access permissions.
  7. Managing File and Folder Permissions 573 3. To set access permissions for additional users, computers, or groups, click Add. This displays the Select Users, Computers, Or Groups dialog box. 4. The Locations button allows you to access account names from other domains. Click Locations to see a list of the current domain, trusted domains, and other resources that you can access. Because of the transitive trusts in Windows Server 2008, you can usually access all the domains in the domain tree or forest. 5. Type the name of a user or group account in the selected or default domain, and then click Check Names. The options available depend on the number of matches found as follows: When a single match is found, the dialog box is automatically updated as appropriate and the entry is underlined. When no matches are found, you’ve either entered an incorrect name part or you’re working with an incorrect location. Modify the name and try again, or click Locations to select a new location. If multiple matches are found, select the name(s) you want to use, and then click OK. 6. To add additional users or groups, type a semicolon (;), and then repeat this process. 7. When you click OK, the users and groups are added to the Name list for the file or folder. Configure access permissions for each user and group added by selecting an account name and then allowing or denying access permissions. If a user or group should be granted access permissions, select the check box for the permission in the Allow column. If a user or group should be denied access permissions, select the check box for the permission in the Deny column. 8. When you’re fi nished, click OK. Special Permissions In Windows Explorer you can view special permissions by right-clicking the file or folder you want to work with and selecting Properties on the shortcut menu. In the Chapter 17 Properties dialog box, select the Security tab, and then click Advanced to display the Advanced Security Settings dialog box, as shown in Figure 17-22. The special permissions available are as follows: Traverse Folder/Execute File Traverse Folder lets you directly access a folder even if you don’t have explicit access to read the data it contains. Execute File lets you run an executable file. List Folder/Read Data List Folder lets you view fi le and folder names. Read Data lets you view the contents of a file. Read Attributes Lets you read the basic attributes of a file or folder. These attri- butes include Read-Only, Hidden, System, and Archive.
  8. 574 Chapter 17 File Sharing and Security Figure 17-22 The Advanced Security Settings dialog box can be used to access the special permissions assigned to each user or group. Read Extended Attributes Lets you view the extended attributes (named data streams) associated with a fi le. As discussed in Chapter 16, “Managing Windows Server 2008 File Systems,” these include Summary fields, such as Title, Subject, and Author, as well as other types of data. Create Files/Write Data Create Files lets you put new fi les in a folder. Write Data allows you to overwrite existing data in a fi le (but not add new data to an existing file because this is covered by Append Data). Create Folders/Append Data Create Folders lets you create subfolders within folders. Append Data allows you to add data to the end of an existing file (but not to overwrite existing data because this is covered by Write Data). Write Attributes Lets you change the basic attributes of a file or folder. These attributes include Read-Only, Hidden, System, and Archive. Write Extended Attributes Lets you change the extended attributes (named data streams) associated with a fi le. As discussed in Chapter 16, these include Sum- Chapter 17 mary fields, such as Title, Subject, and Author, as well as other types of data. Delete Subfolders And Files Lets you delete the contents of a folder. If you have this permission, you can delete the subfolders and files in a folder even if you don’t specifically have Delete permission on the subfolder or file. Delete Lets you delete a fi le or folder. If a folder isn’t empty and you don’t have Delete permission for one of its files or subfolders, you won’t be able to delete it. You can do this only if you have the Delete Subfolders And Files permission.
  9. Managing File and Folder Permissions 575 Read Permissions Lets you read all basic and special permissions assigned to a file or folder. Change Permissions Lets you change basic and special permissions assigned to a file or folder. Take Ownership Lets you take ownership of a file or folder. By default, admin- istrators can always take ownership of a file or folder and can also grant this permission to others. Tables 17-3 and 17-4 show how special permissions are combined to make the basic permissions for files and folders. Because special permissions are combined to make the basic permissions, they are also referred to as atomic permissions. Table 17-3 Special Permissions for Folders List Full Read & Folder Special Permissions Control Modify Execute Contents Read Write Traverse Folder/ X X X X Execute File List Folder/Read Data X X X X X Read Attributes X X X X X Read Extended X X X X X Attributes Create Files/Write X X X Data Create Folders/ X X X Append Data Write Attributes X X X Write Extended X X X Attributes Delete Subfolders And X Files Chapter 17 Delete X X Read Permissions X X X X X X Change Permissions X Take Ownership X
  10. 576 Chapter 17 File Sharing and Security Table 17-4 Special Permissions for Files Full Read & Special Permissions Control Modify Execute Read Write Traverse Folder/ X X X Execute File List Folder/Read Data X X X X Read Attributes X X X X Read Extended X X X X Attributes Create Files/Write Data X X X Create Folders/ X X X Append Data Write Attributes X X X Write Extended X X X Attributes Delete Subfolders And X Files Delete X X Read Permissions X X X X X Change Permissions X Take Ownership X You can set special permissions for files and folders in Windows Explorer. Right-click the file or folder you want to work with and then select Properties. In the Properties dialog box, click the Security tab, and then click Advanced. This displays the Advanced Security Settings dialog box with the Permissions tab selected. Click Edit to display an editable version of the Permissions tab. You now have the following options: Add Adds a user or group. Click Add to display the Select User, Computer, Or Group dialog box. Type the name of a user or group, and click Check Names. If Chapter 17 multiple names match the value you entered, you’ll see a list of names and will be able to choose the one you want to use. Otherwise, the name will be filled in for you. When you click OK, the Permission Entry For dialog box shown in Figure 17-23 is displayed.
  11. Managing File and Folder Permissions 577 Figure 17-23 Use the Permission Entry For dialog box to set special permissions. Edit Edits an existing user or group entry. Select the user or group whose permis- sions you want to modify, and then click Edit. The Permission Entry For dialog box shown in Figure 17-23 is displayed. Remove Removes an existing user or group entry. Select the user or group whose permissions you want to remove, and then click Remove. If you are adding or editing entries for users or groups, you use the Permission Entry For dialog box to grant or deny special permissions. Select Allow or Deny for each permission as appropriate. When finished, use the Apply Onto options shown in Table 17-5 to determine how and where these permissions are applied. If you want to prevent subfolders and files from inheriting these permissions, select Apply These Permissions To Objects And/Or Containers Within This Container Only. When you do this, all the Chapter 17 related entries in Table 17-5 are No. This means the settings no longer apply onto subse- quent subfolders or to files in subsequent subfolders.
  12. 578 Chapter 17 File Sharing and Security Table 17-5 Special Permissions Apply Onto Options Applies to Subfolders Applies to Applies Applies to in the File in the Applies to to Files in Current Current Current Subsequent Subsequent Apply Onto Folder Folder Folder Subfolders Subfolders This folder only Yes No No No No This folder, subfolders, and Yes Yes Yes Yes Yes files This folder and Yes Yes No Yes No subfolders This folder and Yes No Yes No Yes files Subfolders and No Yes Yes Yes Yes files only Subfolders only No Yes No Yes No Files only No No Yes No Yes Note When Apply These Permissions To Objects And/Or Containers Within This Container Only is selected, all the values under Applies To Subsequent Subfolders and Applies To Files In Subsequent Subfolders are No. The settings no longer apply onto subsequent subfolders or to files in subsequent subfolders. Determining Effective Permissions Navigating the complex maze of permissions can be daunting even for the best admin- Chapter 17 istrators. Sometimes it won’t be clear how a particular permission set will be applied to a particular user or group. If you ever want to know exactly how the current permis- sions will be applied to a particular user or group, you can use a handy tool called Effec- tive Permissions. Effective Permissions applies only to file and folder permissions—not share permis- sions—and is an option of the Advanced Security Settings dialog box. To get to it from Windows Explorer, right-click the file or folder you want to work with and select Prop- erties. In the Properties dialog box, select the Security tab, and then click Advanced. To see how permissions will be applied to a user or group, click the Effective Permissions tab, click Select, type the name of the user or group, and then click OK. The Effective Permissions for the selected user or group are displayed as shown in Figure 17-24.
  13. Managing File Shares After Configuration 579 Figure 17-24 Use Effective Permissions to help you determine how permissions will be applied to a specific user or group. Effective Permissions does have the following limitations: You need the proper access permissions to view the effective permissions of a user or group. That goes without saying, pretty much. But it is important to point out. You cannot determine permissions for global or universal security groups that are nested in domain local groups. For example, by default Users has access to most folders, and one of its members is Domain Users, which is a global security group. If you try to determine the effective permissions for Domain Users, no permis- sions are displayed. You cannot determine the effective permissions for implicit groups or special identities, such as Everyone, Interactive, Domain Controllers, Local Service, or Network Service. Managing File Shares After Configuration Chapter 17 Configuring shares can be a time-consuming process especially if you are trying to troubleshoot why a particular user doesn’t have access or set up a new server with the same file shares as a server you are decommissioning. Fortunately, there are some techniques you can use to help you better manage file shares and the way they are implemented. Net Share is a handy command-line tool for helping you track file share and print share permissions. You can use it to display a list of shares and who has access. If you redirect the output of Net Share, you can save the share configuration and access information to a file, and this file can become a log that helps you track share changes over time.
  14. 580 Chapter 17 File Sharing and Security To view a list of configured shares, type net share at the command prompt. The output of Net Share shows you the name of each share on the server, the location of the actual folder being shared, and any descriptions you’ve added. Here is an example: Share name Resource Remark ---------------------------------------------------------- ADMIN$ C:\Windows Remote Admin C$ C:\ Default share F$ F:\ Default share IPC$ Remote IPC CorpData C:\CorpData CorpTech F:\CorpTech DevData F:\DevData EngData C:\EngData HRData F:\HRData Public C:\Users\Public UserData C:\UserData The command completed successfully. The list of shares shown includes the fi le shares CorpData, CorpTech, EngData, Public, and others, and administrative shares created and managed by Windows, including ADMIN$, IPC$, and any drive shares. If you want to redirect the output to a fi le, you can do this by typing net share > File- Name.txt, where FileName.txt is the name of the file to create and to which you want to write, such as net share > C:\logs\fileshares.txt If you follow the Net Share command with the name of a configured share, you’ll see the complete configuration details for the share as shown in the following example: Share name EngData Path C:\EngData Remark Maximum users No limit Users Chapter 17 Caching Manual caching of documents Permission CPANDL\Domain Admins, FULL CPANDL\Domain Users, READ CPANDL\EngineeringUsers, READ The command completed successfully. You can append the share configuration details to the previously created log fi le by using the append symbol (>>) instead of the standard redirect symbol (>), as shown in the following example: net share corpdata >> C:\logs\fileshares.txt
  15. Auditing File and Folder Access 581 Listing 17-1 shows the source of a command-line script that you could use to create a configuration log for the key shares on the computer. Although the path in the example is set to c:\logs\fi leshares.txt, you can set any log path you want. Listing 17-1 A sample share logging script net share > C:\logs\fileshares.txt net share c$ >> C:\logs\fileshares.txt net share f$ >> C:\logs\fileshares.txt net share corpdata >> C:\logs\fileshares.txt net share corptech >> C:\logs\fileshares.txt net share devdata >> C:\logs\fileshares.txt net share engdata >> C:\logs\fileshares.txt net share hrdata >> C:\logs\fileshares.txt net share public >> C:\logs\fileshares.txt net share userdata >> C:\logs\fileshares.txt Auditing File and Folder Access Access permissions will only help protect data; they won’t tell you who deleted impor- tant data or who was trying to access files and folders inappropriately. To track who accessed files and folders and what they did, you must configure auditing for fi le and folder access. Every comprehensive security strategy should include auditing. To track file and folder access, you must: Enable auditing Specify which files and folders to audit Monitor the security logs Enabling Auditing for Files and Folders You configure auditing policies by using Group Policy or local security policy. Group Policy is used when you want to set auditing policies for an entire site, domain, or orga- nizational unit, and is used as discussed in Part 5 of this book, “Managing Active Direc- Chapter 17 tory and Security.” Local security policy settings apply to an individual workstation or server and can be overridden by Group Policy. To enable auditing of files and folders for a specific computer, start the Local Security Policy tool by clicking Start, All Programs, Administrative Tools, and Local Security Policy. Expand Local Policies, and then select Audit Policy, as shown in Figure 17-25.
  16. 582 Chapter 17 File Sharing and Security Figure 17-25 Access the local auditing policy settings. Next, double-click Audit Object Access. This displays the Audit Object Access Proper- ties dialog box shown in Figure 17-26. Under Audit These Attempts, select the Success check box to log successful access attempts, the Failure check box to log failed access attempts, or both check boxes, and then click OK. This enables auditing but it doesn’t specify which files and folders should be audited. Chapter 17 Figure 17-26 Configure auditing for object access. Specifying Files and Folders to Audit After you have enabled Audit Object Access, you can set the level of auditing for individ- ual folders and files. This allows you to control whether and how folder and file usage is tracked. Keep in mind that auditing is available only on NTFS volumes. In addition, everything discussed about inheritance applies to fi les and folders as well—and this is a good thing. This allows you, for example, to audit access to every file or folder on a vol- ume simply by specifying that you want to audit the root folder of the volume.
  17. Auditing File and Folder Access 583 You specify files and folders to audit using Windows Explorer. In Windows Explorer, right-click the file or folder to be audited, and then, from the shortcut menu, select Prop- erties. In the Properties dialog box, click the Security tab, and then click Advanced. In the Advanced Security Settings dialog box, click Edit on the Auditing tab. You can now view and manage auditing settings using the options shown in Figure 17-27. Figure 17-27 Specify to which users and groups auditing should apply. You have the same two inheritance options discussed earlier in the chapter: If you want to inherit auditing settings from a parent object, ensure that the Include Inheritable Permissions From This Object’s Parent check box is selected. If you want child objects of the current object to inherit the settings you are set- ting on the current folder, select the Replace All Existing Inheritable Auditing Entries check box. Now use the Auditing Entries list box to select the users, groups, or computers whose actions you want to audit. To add specific accounts, click Add, and then use the Select User, Computer, Or Group dialog box to select an account name to add. If you want to Chapter 17 audit actions for all users, use the special group Everyone. Otherwise, select the specific user groups or users, or both, that you want to audit. When you click OK, you’ll see the Auditing Entry For dialog box, as shown in Figure 17-28.
  18. 584 Chapter 17 File Sharing and Security Figure 17-28 Determine the actions to audit for the designated user, group, or computer. The Apply Onto drop-down list box allows you to specify which actions should be audited. Select the Successful or Failed check boxes, or both, for the events you want to audit. The events you can audit are the same as the special permissions listed in Tables 17-3 and 17-4, except you can’t audit the synchronizing of offline files and fold- ers. Click OK when you’re finished. Repeat this process to audit other users, groups, or computers. Note Often you’ll want to track only failed actions. This way, you know if someone was try- ing to perform an action and failed. Keep in mind a failed attempt doesn’t always mean Chapter 17 someone is trying to break into a file or folder. A user simply might have double-clicked a folder or file to which he or she didn’t have access. In addition, some types of actions can cause multiple failed attempts to be logged even when the user performed the action only once. Regardless, as an administrator, you should always check multiple failed attempts because of the possibility that someone is attempting to breach your system’s defenses.
  19. Auditing File and Folder Access 585 Monitoring the Security Logs Any time files and folders that you’ve configured for auditing are accessed, the action is written to the system’s Security log, where it’s stored for your review. The Security log is accessible from Event Viewer. Successful actions can cause successful events, such as successful file reads, to be recorded. Failed actions can cause failed events, such as failed file deletions, to be recorded. Chapter 17
Đồng bộ tài khoản