Question

Discuss the process of folder and file auditing and the benefits thereof.

Answer 1

The process of folder nad file auditing

#Apply a basic audit policy ona file or folder.

.you can apply audit policies to individuals files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.To complete this procedure, you must be logged on as a member of the built in aeministrators group or you must have been granted the manage auditing and security log right.

*To apply or modify auditing policy setting for a local file or folder

1.Right click the file or folder that you want to audit, click properties, and then click the security tab.

2.click advanced

3.in the advanced security settings dialog box,xli cl the Auditing tab, and then click continue

4.Do one of the following:

.To set up auditing for a new user or group,click add.click select a principal,type the name of the user or group that you want,and then click ok.

.to remove auditing for an existing group or user, click the group or usernam, click remove, click ok, and then skip the rest of the procedure.

.to view or Change auditing for an existing group or user,click its name, and then click edit.

5.in the type box, indicate what actions you want to audit by selecting the appropriate check boxes:

.to audit successful events,click success

.to audit failure events,click fail.

.to audit all events,click all.

6.in the applies to box, select the object(s) that the aidit of events will apply to these include

.This folder only

.This folder, subfolders and files

.This folder and subfolder

.This folder and files

.subfolders and files only

.subfolders only

.files only

7.By default,the selectes basic premissions to aidit are the following:

.Read and execute

.List folder contains

.Read

. additionally, you can choose full control, modify, and/or write permission with your selected audit combination.

IMPORTANT: Before setting up auditing for files and folders,you must enables object access auditing by defining policy settings for the object access event category. If you do not enable object access auditing,you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.