[windows2000] Re: auditing file execution on Windows 2000

  • From: Spriggs Jon <Jon.Spriggs@xxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Wed, 27 Oct 2004 08:00:12 +0100

How about...

Changing the shortcut your users use to launch it, to launch a wsh style
file, then write a short VBS or Jscript file to write to the sec event log
and then launch it?

Jon Spriggs
-- 
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.


-----Original Message-----
From: Mike Perrin [mailto:perrinm@xxxxxxxxxxxxxxx] 
Sent: 26 October 2004 16:18
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] auditing file execution on Windows 2000


Hi all,

This is my first post for help, I've been passively reading this list for a
couple months now, I must say I'm very pleased with the expertise and
courtesy the people on this list exude. 

My issue is this:

I have a W2K server on which there is an application that runs from an
executable stored on the server. I wish to have an event generated in the
sec event viewer every time one of the 4 users who uses this app, executes
the file to open it.

So far I have:

Gone into local security policy (secpol.msc) and enabled auditing on object
access (success). 

Gone into the properties of the exe I am auditing and in the
security/advanced/auditing tab I have entered in the user accounts of all
the users I wish to audit. 

Here is where I am confused: which items have to be checked off in the
access table for this exe so that 2000 only gives me events when the file is
executed, not for every time someone breathes on the server or looks at it
funny (object access auditing is very very extensive, I want to KISS (keep
it simple silly).

Thanks in advance for the help,

Mike
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: