You administer Windows 8 client computers in your company network. A computer that is
used by non-administrator users has a directory named C:\Folder1.
A shared collection of Microsoft Excel files is stored in the C:\Folder directory, with
nonadministrator users being granted modify permissions to the directory.
You discover that some files have been incorrectly modified by a user.
You need to determine which user made changes to the directory’s folder’s files.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A.
Set local policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy\Audit object access to Failure.
B.
From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to
Failure for the Modify permission.
C.
From the Auditing Entry for Folder1, set the Principal to Everyone, and then set the Type
to Success for the Modify permission.
D.
Set local policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy\Audit object access to Success.
Explanation:
We must audit for success, as we want to know which user has modified the
file.