Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > Monitor when a user tries to access a file for which they don't have permissions

Monitor when a user tries to access a file for which they don't have permissions

Table of contents
Created by Jason Dee, last modified by Jason Dee on Dec 07, 2016

Views: 1 Votes: 1 Revisions: 6

Overview

This article details how to audit events where a user tries to open a file or folder they have been denied access to.

Environment

All versions of LEM 

Detail

Due to the nature of Windows auditing, finding events for this specific scenario can be tricky. Try searching or creating a rule with the following conditions:

 

 

Note: To actually generate these events, your Windows Audit Policy must be monitoring Failures for the File System and Handle Manipulation subcategories. You will also need to adjust the auditing on the files/folders in question to montior failures for File Execution.

 

 

Last modified
16:15, 7 Dec 2016

Tags

Classifications

Public