All,
 
I am trying to audit changes to the permissions to a folder.  So far:
 
I have changed the local computer audit policy to audit success and failures of object access. 
I have enabled auditing on a folder for Everyone and put a check in the box for Change Permissions success and failures.
I then change the permissions on the folder.
Security log for the system does not log anything.
 
Any thoughts on what step I may have missed or what could cause the Security log to not log any data?
 
Nate


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Monday, December 05, 2005 6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Saved Query for Distinguished Name Contains

Thanks!!!! For the scoop, Joe!!!

 

And yes, I LOVE ADFIND, but it doesn’t provide a result set within the MMC… I’m trying to do an MMC (AD UC snap-in) Saved Query as the basis for a custom Taskpad … Sorry I wasn’t clear about that. Guess I’m out of luck.

 

Thanks again, though!  At least I know not to keep beating my head against the wall!

 

Dan

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, December 05, 2005 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Saved Query for Distinguished Name Contains

 

It seems I have been answering a lot of questions like this lately...

 

You cannot put parts of the DN into the LDAP query. The only ways to control what branches a query looks at are

 

1. Permissions

2. Search base

3. Search scope.

 

You need to be the most specific you need to be to either include or exclude various branches of the tree.

 

That being said, someone who wanted to have those specific branches filtered out or filtered in to the outputted return set but didn't mind actually returning a lot more data could look to see if they can find a tool that was written by someone bright enough to add options to let you do that.

 

Hey there is one... It is called adfind and has excldn and incldn switches to allow you to specify portions of a DN of objects you would like outputted.

 

FYI, there is a bug in the objects returned counter when using incldn, I have to go in and fish it out of there. It is because I cut and pasted the excldn code to produce the incldn section. ;o)

 

Anyway, your query would look something like

 

adfind -default -f objectcategory=computer -incldn ou=workstations

 

Keep in mind though that every computer in your org will be passed back to your client so if you have 100k computers and only 10 are in the ou=workstations ou's it will seem AWFULLY SLOW.... There is no way for me to get around that.

 

 

   joe
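
The client-side DN filtering described in the message above, as an added example that is not part of the original message and is not adfind's code: the server returns every computer object, and the client keeps only the DNs that sit under a given OU. It assumes whole-RDN, case-insensitive matching (so OU=Workstations-Old does not match ou=workstations); the sample DNs and example.com are constructed.

```python
# Added example: client-side include/exclude filtering of search results by DN.
# Sample DNs are constructed; example.com and all object names are placeholders.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts

def norm(rdn):
    """Lower-case 'attr=value' and trim spaces so OU=Workstations == ou=workstations."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()

def containers(dn):
    """RDNs above the object itself (everything after the leading RDN)."""
    return [norm(r) for r in split_dn(dn)[1:]]

def filter_by_dn(dns, include=None, exclude=None):
    """Keep DNs located under `include` and not under `exclude` (whole-RDN match)."""
    kept = []
    for dn in dns:
        above = containers(dn)
        if include and norm(include) not in above:
            continue
        if exclude and norm(exclude) in above:
            continue
        kept.append(dn)
    return kept

# Constructed result set, as if returned by a search for objectcategory=computer.
RESULTS = [
    "CN=PC001,OU=Workstations,OU=Sales,DC=example,DC=com",
    "CN=PC002,OU=Workstations,OU=Engineering,DC=example,DC=com",
    "CN=SRV01,OU=Servers,OU=Sales,DC=example,DC=com",
    "CN=PC003,OU=Workstations-Old,OU=Sales,DC=example,DC=com",
    "CN=Lab\\, Bench 1,OU=workstations,DC=example,DC=com",
]
```

The filter runs over the full result set, so the cost of transferring every computer object to the client is still paid before anything is dropped.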

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Sunday, December 04, 2005 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Saved Query for Distinguished Name Contains

Hey, all!

 

I am trying to create a saved query to pull out computers that exist within a WORKSTATIONS ou; and that OU may exist within several higher-level OUs, i.e.

 

distinguishedName=*OU=Workstations*

 

but the Saved Queries interface in ADUC doesn’t seem to like distinguishedName (I’ve also tried dn= and DN=).  Any ideas, please?

 

 

Dan Holme
