logged file/folder creation,modification,deletion - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 06-12-2006, 02:06 PM   #1 (permalink)
Newb Techie
 
Join Date: Jun 2006
Posts: 3
Default logged file/folder creation,modification,deletion

I'm trying to debug an installer, and I want to make sure that installations are performed properly when I tweak some settings. What I want to do is compare the logged file/folder changes after a proper installation to the logged changes after a tweaked installations, and if all files/folders were created,changed,deleted in exactly the same way, I know the tweak install was ok.

So is there a system file that keeps track of all creation, modification, and deletion of file and folders? I think it might be ntuser.dat.log or software.log, but I'm not sure. I came to these two files by creating, modifying, and deleting randome files, then performing multiple "date modified" searches to find the files that are most frequently modified when I perform these operations.
The problem is, if one of these two files is the one I'm looking for, I can't access either of them since they are system files currently in use.

So my question is if there is a file that logs file/folder creation/mod/del and how to access this file if access is prevented.
__________________

lefnire is offline  
Old 06-12-2006, 02:34 PM   #2 (permalink)
It's all just 1s and 0s
 
office politics's Avatar
 
Join Date: Jan 2004
Location: in the lab
Posts: 6,555
Send a message via MSN to office politics
Default

http://www.microsoft.com/resources/d....mspx?mfr=true

Quote:
Audit object access

Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy

Description
Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.

If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.

Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box.

Default: No auditing.
__________________

office politics is offline  
Old 06-12-2006, 03:17 PM   #3 (permalink)
Newb Techie
 
Join Date: Jun 2006
Posts: 3
Default

this looks like my guy. Do you know if audits (if turned on) are logged in a file somewhere? also, I noticed the audits spot file alterations, but is there a way to show what alterations were made? for example, if I opened up a text file file, deleted some words, and saved it... is there anyway I can find out any more than that the text file was simply altered?
lefnire is offline  
Old 06-12-2006, 04:13 PM   #4 (permalink)
It's all just 1s and 0s
 
office politics's Avatar
 
Join Date: Jan 2004
Location: in the lab
Posts: 6,555
Send a message via MSN to office politics
Default

audit logs can be viewed in event viewer in security tab.


it wont show you what data has changed. It will just tell you that the data WAS changed.
office politics is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 04:11 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.