Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Log & Event Manager (LEM) > Monitor when a user tries to access a file for which they don't have permissions

Monitor when a user tries to access a file for which they don't have permissions

Table of contents
Created by Jason Dee, last modified by Jason Dee on Dec 07, 2016

Views: 1,177 Votes: 0 Revisions: 6

Overview

This article details how to audit events where a user tries to open a file or folder they have been denied access to.

Environment

All versions of LEM 

Detail

Due to the nature of Windows auditing, finding events for this specific scenario can be tricky. Try searching or creating a rule with the following conditions:

 

 

Note: To actually generate these events, your Windows Audit Policy must be monitoring Failures for the File System and Handle Manipulation subcategories. You will also need to adjust the auditing on the files/folders in question to montior failures for File Execution.

 

 

Last modified

Tags

Classifications

Public