All vendors belong to a global group named vendors.
You place three file servers in a new organizational unit (OU) named
ConfidentialFileServers. The three file servers contain confidential data located in shared
folders.
You need to record any failed attempts made by the vendors to access the confidential data.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A.
Create a new Group Policy Object (GPO) and link it to the ConfidentialFileServers OU.
Configure the Audit object access failure audit policy setting.
B.
Create a new Group Policy Object (GPO) and link it to the ConfidentialFileServers OU.
Configure the Audit privilege use Failure audit policy setting.
C.
On each shared folder on the three file servers, add the Vendors global group to the
Auditing tab.
Configure Failed Full control setting in the AuditingEntry dialog box.
D.
On each shared folder on the three file servers, add the three servers to the Auditing tab.
Configure Failed Full control setting in the AuditingEntry dialog box.
E.
Create a new Group Policy Object (GPO) and link it to the ConfidentialFileServers OU.
Configure the Deny access to this computer from the network user rights setting for the
Vendors global group.
Explanation:
Windows Server 2008 R2 Unleashed (SAMS, 2010) page 671
Auditing Resource Access Object access can be audited, although it is not one of the
recommended settings. Auditing object access can place a significant load on the servers,
so it should only be enabled when it is specifically needed. Auditing object access is a twostep process: Step one is enabling “Audit object access” and step two is selecting the
objects to be audited. When enabling Audit object access, you need to decide if both failure
and success events will be logged. The two options are as follows:
Audit object access failure enables you to see if users are attempting to access objects to
which they have no rights. This shows unauthorized attempts.
Audit object access success enables you to see usage patterns. This shows misuse of
privilege.
After object access auditing is enabled, you can easily monitor access to resources such as
folders, files, and printers.
Auditing Files and FoldersThe network administrator can tailor the way Windows Server 2008 R2 audits files and
folders through the property pages for those files or folders. Keep in mind that the more files
and folders that are audited, the more events that can be generated, which can increase
administrative overhead and system resource requirements.
Therefore, choose wisely which files and folders to audit. To audit a file or folder, do the
following:
1. In Windows Explorer, right-click the file or folder to audit and select Properties.
2. Select the Security tab and then click the Advanced button.
3. In the Advanced Security Settings window, select the Auditing tab and click the Edit
button.
4. Click the Add button to display the Select User or Group window.
5. Enter the name of the user or group to audit when accessing the file or folder. Click the
Check Names button to verify the name.