Your network contains an Active Directory domain named contoso.com. The domain contains a file servernamed Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
On Server1, you have a folder named C:\\Share1 that is shared as Share1. Share1 contains confidential data. A
group named Group1 has full control of the content in Share1.
You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in
Share1.
What should you configure?
A.
the Audit File Share setting of Servers GPO
B.
the Sharing settings of C:\\Share1
C.
the Audit File System setting of Servers GPO
D.
the Security settings of C:\\Share1
Explanation:
You can use Computer Management to track all connections to shared resources on a Windows Server 2008
R2 system.
Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in
the Sessions node.
File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see
the entries in the event log.
To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now
view connections to shares for users and computers.
To enable folder permission auditing, you can follow the below steps:
1. Click start and run “secpol. msc” without quotes.
2. Open the Local Policies\\Audit Policy
3. Enable the Audit object access for “Success” and “Failure”.
4. Go to target files and folders, right click the folder and select properties.
5. Go to Security Page and click Advanced.
6. Click Auditing and Edit.
7. Click add, type everyone in the Select User, Computer, or Group.
8. Choose Apply onto: This folder, subfolders and files.
9. Tick on the box “Change permissions”
10.Click OK.
After you enable security auditing on the folders, you should be able to see the folder permission changes in the
server’s Security event log. Task Category is File System.http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-
f2eb10f3f10f/
http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-
f2eb10f3f10f/
http://support.microsoft.com/kb/300549
http://www.windowsitpro.com/article/permissions/auditing-folder-permission-changes
http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-a-folder
