Members know their Windows 2000 local file and folder auditing basics

Over 550 TechRepublic members took our Windows 2000 file and folder auditing quiz. Find out how many knew which logs contain logged auditing events and how to audit file and folder access.

Tracking unauthorized access to sensitive data is a sound security strategy for any size organization. And Windows 2000 allows you to accomplish this through the local auditing of file and folder access. To test our members’ knowledge of this important security feature, we developed a quick, five-question quiz. More than 550 TechRepublic members took our shortcuts pop quiz. Here’s a rundown of how they did. Would you have done better?

Monitoring file and folder access
Unfortunately, this question’s correct answer was somewhat obscured by a typo. The correct answer as listed on the quiz’s answer page was Audit object policy. It should have read Audit object access, as there is no Audit object policy event. Due to this mistake, I don’t think the results, shown in Figure A, are entirely accurate.

Figure A

Those who chose the answer Audit object policy likely assumed it was correct because it was the closest answer to Audit object access. Those who chose Audit privilege use were probably thinking it was the most correct actual event listed as an answer. To clear up any confusion, the following list describes each event you can audit:

Audit account logon events allows you to track successful and unsuccessful logons to the workstation.
Audit account management allows you to track when changes are made or attempted to local user accounts, such as creating an account, deleting an account, modifying an account, enabling or disabling an account, or changing a password.
Audit directory service access allows you to track access to an Active Directory object that has its own System Access Control List (SACL) and is used only for tracking Active Directory domain events. Check out this TechRepublic article for more information on ACLs, DACLs, and SACLs.
Audit logon events allows you to track when users successfully or unsuccessfully log on, log off, or establish a network connection with the audited workstation. You most likely want to audit unsuccessful logons.
Audit object access allows you to track successful and unsuccessful attempts to access an object for which an SACL is configured. This can include files, folders, and even registry keys.
Audit policy change allows you to track changes to audit or trust policies and user rights assignments.
Audit privilege use allows you to track when a user exercises a user right.
Audit process tracking allows you to track system processes, such as when an application starts.
Audit system events allows you to track when the workstation is restarted or shut down and when something affects system security or the Security log.

For complete instructions on auditing file and folder access, check out Brien Posey’s TechRepublic article “Improve Windows 2000 Pro security through local file and folder auditing”.

Monitoring both failed and successful access attempts

Figure B

The correct answer is False, and 89 percent those who took the quiz knew this, as shown in Figure B. Each audit policy can be configured to track successes, failures, neither, or both.

Monitoring both individuals and groups

Figure C

The correct answer is False, and 70 percent got this one correct, as shown in Figure C. Once you’ve enabled Audit object access, you can audit a file or folder by right-clicking it and selecting the Properties command from the resulting menu. Select the Security tab, and click the Advanced button. Select the Auditing tab, and then click the Add button. You’ll be presented with a list of users and groups. You can then select the users or groups that you wish to audit.

Logging auditing events

Figure D

The correct answer is Event Viewer Security log, and 71 percent of our quiz takers knew this answer, as shown in Figure D. To view your logged auditing events, click on Start | Programs | Administrative Tools | Event Viewer and select Security Log, as shown in Figure E.

Figure E

This is what the Security log looks like.

Contents of the Audit log

Figure F

The correct answer is True, and 89 percent of our quiz takers knew the answer, as shown in Figure F. To view details about a particular log entry, shown in Figure G, double-click the entry or right-click and select Properties. Event details include date, time, user, computer, category, source, type, event ID, and a description.

Figure G

Results positive
Despite the typo in Question 1, I think these results demonstrate that most of those who took the quiz have a firm understanding of Windows 2000 file and folder auditing. For those who got all of the questions correct, great job. As I’ve mentioned in my previous pop quiz results articles, you get the TechPoints for just taking the quiz, not for getting all the answers correct. Good luck on our next pop quiz.

You be the teacher

If you have a topic you’d like us to cover in an upcoming pop quiz, we want to hear about it. Post a comment to this article or drop us a line and share your suggestions for both quiz topics and questions.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, ...

PURPOSE To take some of the effort out of writing (and rewriting) emails to share with company staff and executives, TechRepublic Premium has assembled basic templates to handle the most common types of communications. Simply copy the text into your favorite word processor and customize it to fit your needs. Then, paste it into an ...

Members know their Windows 2000 local file and folder auditing basics