[ActiveDir] I need an auditing and control solution [and yes I'll even fork money out for this]

Fri, 09 Dec 2005 10:37:25 -0800 

Problem -- the 'fatal finger syndrome'
I have a collaborative firm. There are certain folders that everyone in the office [well with very few exceptions anyway] need to get into. Due to mouse's and dexterity.... over the years individuals have been the root cause of my "fatal finger syndrome" a condition where one person clicks on a folder and accidentally slides it under a neighbor. These days we don't freak, we just look around and find the slid folders and move them back. 


So the other day, under a certain folder, client folders beginning with 
the letters co through zz end up ...not slid...not moved, but gone, 
deleted.  Now between the shadow file copy that the system does, the 
robocopy batch file [yes I actually wrote a small bat file, Joe would be 
so proud] to pull of copies of that one drive to a spare harddrive, and 
nightly backups, I have enough paths to ensure that I've got multiple 
ways to get to that data so that it was minor to push the data back.... 
but it's obvious to me I need way better control over the fatal finger 
syndrome.



I'm stuck in the position of ...that I can't [as far as all that I"ve 
ever been able to find] unable to set permissions in such a way to allow 
for creating folders, but not sliding folders nor deleting them.



I'm going to review adjusting 'object access' for those series of 
folders and look into a 'dump to storage' of an auditing software since 
I know this will increase my already noisy security log files.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/50fdb7bc-7dae-4dcd-8591-382aeff2ea79.mspx


I'm testing out whacking off/disabling cut and paste and seeing if that 
freaks anyone out in the office [I believe the disabling of cut and 
paste in IE will also affect the Windows explorer?]


Stupid questions.......


1.  Any other ideas or suggestions from the AD gurus to minimize this 
'fatal finger syndrome' that I'm fighting
2. To better track the issue?  Flag it?  Control it?  Stop it?  Besides 
hitting people upside the head?



I've got the recovery process/procedures so that I can restore data, but 
I'd like it either stopped or identified as it happens.


--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/






















					Reply via email to