File Share Object Access Security Audit... Bug?

By JeremyTan ·
Hi everyone,

I have recently turned on Object Access Audit from group policy and added the domain Administrator user to a particular folder to be audited for all Success and Failure events. However, after reviewing the security logs, I have discovered that the system not only tracks Success and Failure actions for Administrator, it also captured actions by other users as well.

Something peculiar I've noticed in the logs for other users is that when I use the Administrator account to try to access the folder or resource that the other user was accessing, I always get Access Denied message. This is strange because all files and folders in the file server are supposed to be under Administrator's ownership. I cannot list the folder, not view any security settings for the folder. I am also reluctant to take ownership of that folder because the user is a high ranking executive and may make a fuss about it.

Is it possible that after I turn on auditing for the root folder for Administrator, then when a user creates a subfolder under it, the ownership of the folder is his and somehow the audit settings are turned on for him?

Below is a simplified error path:
1) I turn on audit settings for Administrator
2) Security log shows audit logs for user abcxyz in folder G:\share\subfolder1
3) Administrator tries to access G:\share\subfolder1 and view Security settings, but Access is denied.

The server OS is Windows Server 2003 Standard R2.

Thanks in advance for any help offered.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Share your knowledge

Related Discussions

Related Forums