Audit & Shadowing Examples

Appendix: Examples : Permission and Audit Examples for Devices : Audit & Shadowing Examples

Log insert, remove and access actions for any USB devices for all users:

1. Select the USB port record from the list of device types under Auditing, Shadowing & Alerts, and then select Set Auditing, Shadowing & Alerts from the shortcut menu available by a right mouse click.

2. Click the Add button in the Audit dialog box and add the Everyone user (type the name or browse for all available names and select the needed one). Click OK to close the Select Users or Groups dialog box, select the Everyone record and enable Read and Write audit rights in the User’s Rights list.

3. Select the Audit Allowed and Audit Denied check box at the top of the Audit dialog box, and then click OK to apply changes and close the Auditing, Shadowing & Alerts dialog box.

Log only file and folder names upon denied write attempts for removable storage devices for the Users group:

1. Select the Removable record from the list of device types under Auditing, Shadowing & Alerts, and then select Set Auditing, Shadowing & Alerts from the shortcut menu available by a right mouse click.

2. Click the Add button in the Audit dialog box and add the Users group (type the name or browse for all available names and select the needed one). Click OK to close the Select Users or Groups dialog box, select the Users record and enable only the Write audit right in the User’s Rights list.

3. Select only the Audit Denied check box at the top of the Audit dialog, and then click OK to apply changes and close the Auditing, Shadowing & Alerts dialog box.

4. Enable the Audit folder operations parameter under Auditing & Shadowing in Service Options.

Shadow all data written to removable storage devices and floppies by any user:

1. Select Floppy and Removable records from the list of device types under Auditing, Shadowing & Alerts, and then select Set Auditing, Shadowing & Alerts from the shortcut menu available by a right mouse click.

2. Click the Add button in the Audit dialog box and add the Everyone user. Click OK to close the Select Users or Groups dialog box and select the Everyone record. Disable all audit rights and enable only the Write shadowing right in the User’s Rights list.

3. Click OK to apply changes and close the Auditing, Shadowing & Alerts dialog box.