[windows2000] Re: auditing file execution on Windows 2000

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Tue, 26 Oct 2004 11:48:11 -0400

I'd go with "Traverse Folder/Execute File"...

But even that may be too much... 


Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc. 
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Mike Perrin
Posted At: Tuesday, October 26, 2004 11:18 AM
Posted To: Windows 2000
Conversation: [windows2000] auditing file execution on Windows 2000
Subject: [windows2000] auditing file execution on Windows 2000


Hi all,

This is my first post for help, I've been passively reading this list
for a couple months now, I must say I'm very pleased with the expertise
and courtesy the people on this list exude. 

My issue is this:

I have a W2K server on which there is an application that runs from an
executable stored on the server. I wish to have an event generated in
the sec event viewer every time one of the 4 users who uses this app,
executes the file to open it.

So far I have:

Gone into local security policy (secpol.msc) and enabled auditing on
object access (success). 

Gone into the properties of the exe I am auditing and in the
security/advanced/auditing tab I have entered in the user accounts of
all the users I wish to audit. 

Here is where I am confused: which items have to be checked off in the
access table for this exe so that 2000 only gives me events when the
file is executed, not for every time someone breathes on the server or
looks at it funny (object access auditing is very very extensive, I want
to KISS (keep it simple silly)).

Thanks in advance for the help,

Mike
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check
out our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
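
Added example, not part of the original thread: the audit entry discussed above (success-only, "Traverse Folder/Execute File", scoped to the named users), set from a script instead of the security/advanced/auditing tab. It assumes a Windows system with PowerShell (which Windows 2000 does not ship with), an elevated session, and that object access auditing is already enabled as described in the question; the path and account names are placeholders.

```powershell
# Added example. $exePath and $accounts are hypothetical placeholders,
# not values from the thread.
$exePath  = 'D:\Apps\ExampleApp\app.exe'
$accounts = 'EXAMPLE\user1', 'EXAMPLE\user2', 'EXAMPLE\user3', 'EXAMPLE\user4'

# Reading or writing the audit list (SACL) needs an elevated session
# that holds the "Manage auditing and security log" right.
$acl = Get-Acl -Path $exePath -Audit

foreach ($account in $accounts) {
    # ExecuteFile is the single right shown in the GUI as
    # "Traverse Folder/Execute File". Success only: no Failure flag,
    # no read/write rights, so opens that request other access
    # do not match this entry.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $account,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl.AddAuditRule($rule)
}

Set-Acl -Path $exePath -AclObject $acl

# Read the explicit (non-inherited) audit entries back to confirm that
# only the intended users and the single right are present.
(Get-Acl -Path $exePath -Audit).GetAuditRules(
        $true, $false, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize
```

Audit entries inherited from the parent folder still apply to the file, so a broader entry higher up will keep generating events regardless of this one.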