This paper was produced by the following members of Dell EMC. 2 Unified file permission model in OneFS. OneFS AIMA and file permission checking. Windows operating system and Server Message Block (SMB) protocol. Attempting to change the ownership of a file in a NFS environment, the ownership's.
Learning has never been so easy!
Any alteration on file server permissions is always alarming as it can harm organization’s security easily. Therefore, it’s vital to detect and keep track of every permission change happening on file server. One can easily record who has done those permission changes by enabling object access auditing and configuring the particular files and folders for permission change auditing. Then with help of event viewer, you can check permission change events in Windows Security logs.
Here are the steps:
11 Steps total
![Nfs Server And File Permissions Were Changed Nfs Server And File Permissions Were Changed](https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/47/85/5367.fig5.png)
Step 1: Enable object access auditing
To enable object access auditing, go to 'Administrative tools' and then open Local security policy.
Step 2: Click on Local Policies
In local security policy, click on Local Policies. Then click on Audit Policy and select Audit object access.
Step 3: Audit Success/Failure attempts
In order to audit successful attempts, click on Success. If you want to track failed attempts as well then you can select Failure. Then click Apply.
Step 4: Track permission changes
In windows explorer, select the properties of files or folders for which permission changes needs to be tracked.
Step 5: Select 'Advanced security' option
Then go to Security tab and click Advanced.
Step 6: Add New entry
After selecting advanced security option, go to Auditing tab. Here, it will show the existing auditing entries. If you want to add a new entry click on Add.
Step 7: Add to all users
It is better to add everyone so that all permission changes by all users can be tracked.
Step 8: Choose the option
Select the option which you want to perform.
Step 9: See Windows security logs
Then the newly created entry will get listed under the Auditing tab. And now, you can easily record permission changes in the Windows security logs.
Step 10: Go to Windows logs and select security
Now open the event logs and go to Windows logs and select security. On the right hand side, select Filter current log option. From this option you can easily add filters to all the permission changes happening on the file server.
Step 11: Filter log option to find events
You can use this filter log option to find events having IDs 4670 (permission changes).
Keeping track of who did what changes to permissions is indeed vital for every organization’s security. With the help of event viewer and windows security log, one can detect all permission changes happening on file servers effortlessly.
Published: Jan 06, 2016 · Last Updated: Jan 05, 2016
References
- LepideAuditor for File Server
- Track permission changes on Windows File Server