Wednesday, October 8, 2008

Auditing File Access: take a look at what's being accessed on your computer

You must be a user with administrator privileges to audit.

If you have kids or other people who use the same computer, you can take a look at what they are accessing.

You can apply auditing in many ways, and can even assign it to specific programs or files, such as games or media files. Windows Vista Home edition is also well suited to this, using the Parental Controls inside the Control Panel.

As I walk you through a small example, you will get a sense of the wide array of options that are available in auditing.

I am running Vista Business. You will notice this from the images.

1. Click Control Panel

Click Classic View, if not enabled already

2. Click Administrative Tools

3. Double-click Local Security Policy and click Continue

4. In the left pane, expand Local Policies and click Audit Policy

5. Double-click Audit object access. This option enables auditing for file access.

6. Select both the Success and Failure check boxes, so that you can see both the successful and the failed attempts of a user (in this case, attempts to access Windows Meeting Space).

7. Close all open windows

8. Click the Start button and go to All Programs

9. Right click Windows Meeting Space and click on Properties

10. Click the Security tab and click on the Advanced button

11. Click the Auditing tab, click Continue, and then click Continue once more to pass the User Account Control prompt

12. Click Add

13. Type Everyone, click Check Names, and click OK. You are now going to be able to see every user in your audit. If you wanted to audit only a select few users, you would need to enter their user names one by one. An alternative to adding users one by one is adding a group (if you intend to narrow the selection beyond just the Users group, then you would have to create a group within the MMC).

14. To keep it simple, we will look to see if the program is executed or not. Select the Success and Failure check boxes of the Traverse folder / execute file option (second row from the top).

15. Click OK four times to close the dialog boxes

16. Click the Start button and go to All Programs

17. Click Windows Meeting Space

18. Close Windows Meeting Space

19. Close all windows

20. Click the Start button


21. Right-click Computer and click Manage from the drop-down menu

22. In the left pane, expand Event Viewer, expand Windows Logs and click Security

23. Notice the extensive list of events logged. Right-click Security in the left pane and click Filter Current Log

24. In the Event sources box, select Security-Auditing

25. In the Task category box, select File System

26. In the Keywords box, select Audit Success and Audit Failure.

27. Click OK and look through the displayed events.

28. Double-click the bottommost event and notice that the user account is listed (the image shows u1 as the user name).
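
The same procedure can be scripted. The following is an added example, not part of the original post: it enables the audit policy, adds the audit entry for Everyone, and reads the resulting events back from the Security log. It assumes an elevated Windows PowerShell 3.0 or later session; `$Target` is a placeholder path, and the event IDs 4656 and 4663 are the standard File System audit events, which the post itself does not name.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# $Target is a placeholder path (assumption): set it to the file you want audited.
$Target = 'C:\Path\To\Program.exe'

# Steps 3-6: enable success and failure auditing. The GUI policy covers the whole
# Object Access category; this enables only its File System subcategory.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# Steps 9-15: add an audit entry for Everyone on the file, limited to
# "Traverse folder / execute file", for both successful and failed attempts.
$acl  = Get-Acl -Path $Target -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList 'Everyone', 'ExecuteFile', 'Success, Failure'
$acl.AddAuditRule($rule)
Set-Acl -Path $Target -AclObject $acl

# Steps 20-28: after the program has been run, read the matching events.
# 4656 (handle requested) and 4663 (object accessed) are File System events;
# failed attempts are recorded as 4656.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } -MaxEvents 500 |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the event's named data fields into a hashtable.
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # Keep only events that refer to the audited file.
        if ($data['ObjectName'] -eq $Target) {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                EventId = $evt.Id
                Result  = $evt.KeywordsDisplayNames -join ', '
                User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process = $data['ProcessName']
                Access  = $data['AccessMask']
            }
        }
    } | Format-Table -AutoSize
```

The policy setting alone logs nothing: events appear only for objects that carry an audit entry, which is why both the `auditpol` step and the `Set-Acl` step are needed.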

1 comment:

Nick said...

There is also file system auditor that is perfect for file server auditing.

The tool can audit and real-time report on any file operation, file access attempt or permission change.