
6-3+ Practice: Auditing File System Access

Practice: Auditing File System Access
In this practice, you will configure auditing settings, enable audit policies for object access, and filter for specific events in the security log. The business objective is to monitor the deletion of files from an important folder, to ensure that only appropriate users are deleting files.
Exercise 1: Configure Audit Settings
1. Log on as Administrator.
2. Open the Advanced Security Settings dialog box for the C:\Docs\Project 101 folder.
3. Click the Auditing tab.
4. Add an audit entry to track the Project 101 Team group. Specify that you wish to monitor Success and Failure of the Delete permission.
Exercise 2: Enable Audit Policy
Because you are logged on to a domain controller, you will use the Domain Controller Security Policy console to enable auditing. On a stand-alone server you would use Local Security Policy. You could also leverage GPOs to enable auditing.
1. Open Domain Controller Security Policy from the Administrative Tools folder.
2. Expand Local Policies and select Audit Policy.
3. Double-click Audit Object Access.
4. Select Define These Policy Settings.
5. Specify to enable auditing for both success and failure audit entries.
6. Click OK, and then close the console.
7. To refresh the policy, and to ensure that all settings have been applied, open a command prompt and type the command gpupdate.
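The same configuration as Exercises 1 and 2, scripted in PowerShell. This is an added example, not part of the original practice. It assumes an elevated session on a Windows version that ships PowerShell and auditpol.exe with subcategory support (Windows Server 2008 or later), and the CONTOSO domain prefix on the group name is an assumption.

```powershell
# Added example: scripted equivalent of Exercises 1 and 2.
# Run from an elevated session; reading or writing a SACL requires the
# "Manage auditing and security log" right (SeSecurityPrivilege).

$folder = 'C:\Docs\Project 101'        # folder from Exercise 1
$group  = 'CONTOSO\Project 101 Team'   # assumed domain prefix; group from Exercise 1

# Exercise 1: audit entry for Success and Failure of the Delete permission,
# inherited by subfolders and files below the folder.
$rights      = [System.Security.AccessControl.FileSystemRights]::Delete
$inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$auditFlags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $group, $rights, $inherit, $propagation, $auditFlags)

# -Audit makes Get-Acl load the SACL; without it the audit entries are not returned.
$acl = Get-Acl -Path $folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Exercise 2: enable object access auditing. The "File System" subcategory is the
# narrower modern counterpart of the Audit Object Access policy, which turns on
# the whole Object Access category. A setting made here can be overwritten by a
# GPO that defines the audit policy, so use the GPO for a lasting configuration.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# Verify both halves: the audit entry on the folder and the effective policy.
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited
auditpol.exe /get /subcategory:"File System"
```

If either verification output is empty or shows "No Auditing", no events will be written: the audit entry and the policy are both required.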
Exercise 3: Generate Audit Events
1. Log on as Danielle Tiedt.
2. Connect to \\Server01\Docs\Project 101.
3. Delete the Report text file.
Exercise 4: Examine the Security Log
1. Log on as Administrator.
2. Open Event Viewer from the Administrative Tools folder.
3. Select the Security log.
4. What types of events do you see in the Security log? Only Object Access events? Other types of events? Remember that policies can enable auditing for numerous security-related actions, including directory service access, account management, logon, and more.
5. To filter the log and narrow the scope of your search, choose the Filter command from the View menu.
6. Configure the filter to be as narrow as possible. What do you know about the event you are trying to locate? You know it is a success or failure audit; that it is an Object Access event category; and that it occurred today. Check your work by referring to Figure 6-15.
7. Click Apply.
8. Can you more easily locate the event that marked Danielle’s deletion of the Report file? Open the event and look at its contents. The description indicates the user and the file and the action. You could not filter for contents of the description in Event Viewer, but you could do so by exporting the file to a log analysis tool or to Microsoft Excel.
9. (Optional) If you have access to Microsoft Excel, right-click the Security log node and choose Save Log File As. Enter a name and select Comma-Delimited as the file type. Open the file in Excel.
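Step 8 notes that Event Viewer cannot filter on the contents of the description. On systems with PowerShell the same search can be done directly against the Security log. This is an added example, not part of the original practice. It assumes Windows Server 2008 or later, where file access attempts are logged as event 4663 (Windows Server 2003 used different event IDs), and the Report* file name pattern is an assumption based on Exercise 3.

```powershell
# Added example: find today's delete accesses under the audited folder and show
# who performed them. Run from an elevated session on the server that holds
# the folder; events are logged with the local path, not the UNC path.

$folderPattern = 'C:\Docs\Project 101\Report*'   # assumed file name pattern
$deleteMask    = 0x10000                         # DELETE standard access right
$since         = (Get-Date).Date                 # midnight today

# Server-side filter: log, event ID and start time.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4663          # "An attempt was made to access an object"
    StartTime = $since
} -ErrorAction SilentlyContinue   # no matching events is reported as an error

$events | ForEach-Object {
    # Turn the named <Data> fields of the event into a lookup table.
    $xml    = [xml]$_.ToXml()
    $fields = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        $fields[$node.Name] = $node.'#text'
    }

    [pscustomobject]@{
        Time       = $_.TimeCreated
        User       = '{0}\{1}' -f $fields.SubjectDomainName, $fields.SubjectUserName
        Object     = $fields.ObjectName
        AccessMask = [Convert]::ToInt32($fields.AccessMask, 16)   # e.g. "0x10000"
        Result     = $_.KeywordsDisplayNames -join ', '           # audit success or failure
    }
} | Where-Object {
    # Client-side filter on the fields Event Viewer shows only in the description.
    ($_.AccessMask -band $deleteMask) -and ($_.Object -like $folderPattern)
} | Sort-Object Time | Format-Table Time, User, Object, Result -AutoSize
```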
Lesson Review
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following must be done to generate a log of resource access for a file or folder? Select all that apply.
a. Configure NTFS permissions to allow the System account to audit resource access.
b. Configure audit entries to specify the types of access to audit.
c. Enable the Audit Privilege Use policy.
d. Enable the Audit Object Access policy.
2. Which of the following are valid criteria for a security log filter to identify specific file and folder access events? Select all that apply.
a. The date of the event
b. The user that generated the event
c. The type of object access that generated the event
d. Success or failure audit
3. Users at Contoso Ltd. use Microsoft Office applications to access resources on Server01. Your job is to monitor Server01 to ensure that permissions are not too restrictive, so that users are not prevented from achieving their assignments. Which log, and which type of event, will provide the information you require?
a. Application log; Success Event
b. Application log; Failure Event
c. Security log; Success Event
d. Security log; Failure Event
e. System log; Success Event
f. System log; Failure Event
Lesson Summary
■ Audit entries are contained in the security descriptor of files and folders on NTFS volumes. They are configured using Windows Explorer, from the properties of a file or folder, using the Advanced Security Settings dialog box.
■ Audit entries alone do not generate audit logs. You must also enable the Audit Object Access policy from Local Security Policy, the Domain Controller Security Policy, or a GPO.
■ The Security log, viewable with the Event Viewer snap-in, allows you to locate and examine object access events.


What people do, heaven sees. When reposting, please credit the source with a link to this article.
Article address: http://www.zhaoniupai.com/blog/archives/220.html