W
Wassed
Hello - does anyone here know how to produce audit logs for failed access to a "hidden file share". Say if I have a sub-folder on a share that is only accessible to users in an admin group. Read/execute permissions on the folder is restricted for everyone else.
If a domain user were to open the parent folder they would not see the sub-folder. If they tried to browser to it manually, i.e. entering <ip>\parentfolder\subfolder in their folder browser they receive an error stating "Windows cannot access <subfolder> due to a networking issue".
There does not appear to be any way to audit these access attempts - or is there? I have enabled all the Audit object access policies, detailed file share auditing via the local policy editor and set the appropriate audit p olicies on the folders themselves but it still does not log failed attempts - only successful ones.
But these only seem to work if the user can see the folder they can access, and not if the folder is 'hidden' due to a lack of permissions.
Any help would be most appreciated.
Continue reading...
If a domain user were to open the parent folder they would not see the sub-folder. If they tried to browser to it manually, i.e. entering <ip>\parentfolder\subfolder in their folder browser they receive an error stating "Windows cannot access <subfolder> due to a networking issue".
There does not appear to be any way to audit these access attempts - or is there? I have enabled all the Audit object access policies, detailed file share auditing via the local policy editor and set the appropriate audit p olicies on the folders themselves but it still does not log failed attempts - only successful ones.
But these only seem to work if the user can see the folder they can access, and not if the folder is 'hidden' due to a lack of permissions.
Any help would be most appreciated.
Continue reading...