You work as the help desk support technician at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com.
The manager of the Sales department named Mia Hamm reports that unauthorized users are making changes to numerous sales files located on a Windows Server 2003 file server named Certkiller -SR01. Mia Hamm says that she has configured the appropriate permissions and file auditing on the files, but there is no audit information being generated on Certkiller -SR01 when users access the files.
You verify that Mia Hamm has the ability to alter file permissions and auditing settings on the sales files, and also that she has access to the correct logs to review audit information.
Which of the following is the option that you should take to make sure that all access to the sales files is tracked?
A.
Instruct Mia Hamm to audit only successful file access to the sales files on Certkiller -SR01.
B.
Instruct Mia Hamm to create a file for the security log on Certkiller -SR01.
C.
Ask an administrator to enable auditing on Certkiller -SR01.
D.
Increase the security log size on Certkiller -SR01.
Explanation:
As an administrator of a Windows XP Professional-based computer, you can configure your computer to audit user access to files, folders and printers. This facility is unavailable on Windows XP Home Edition.
The audit log appears in the Security log in Event Viewer. To enable this feature:
1. Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.2. Double-click Local Security Policy.
3. In the left pane, double-click Local Policies to expand it.
4. In the left pane, click Audit Policy to display the individual policy settings in the right pane.
5. Double-click Audit object access.
6. To audit successful access of specified files, folders and printers, select the Success check box.
7. To audit unsuccessful access to these objects, select the Failure check box.
8. To enable auditing of both, select both check boxes.
9. Click OK.