Title: RE: [ActiveDir] Token Bloat
Hey Joe,
 
That script, when run, only can return a subdirectory.  I tried using the flag false for the subdirectory not being monitored, but I can't get it to work.  I tried true, false, 0, 1, and 2.  I can't get it to monitor a folder like M:\Data.  It will monitor everything from data, through its subdirectories.  Do you know how the flag is supposed to be run?  I am using Perl version 5.8.7.
 
Thanks,
Nate


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, January 23, 2006 10:20 PM
To: [email protected]
Subject: RE: [ActiveDir] Permissions vanishing

Sorry for the delay, just catching back up. Had to step out and review some chapters of the 2E version of the AD Cookbook.
 
The code is really basic, it simply sleeps until something breaks or the security is changed. You can get help on the changenotify module in the basic ActiveState Perl help as it is right in the Win32:: stuff. Just scroll to the bottom of the TOC on the left of the User Guide and then under Win32 look for ChangeNotify. Just slap that on a path and then if the security changes on anything under that path it should fire. It won't tell you what changed, just that there was a change.
 
 
 
 
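#===================
use strict;
use warnings;
use Win32;
use Win32::ChangeNotify;

# Directory to watch, taken from the command line.
my $path = shift or die "Usage: $0 <path>\n";

# Second argument is the subtree flag: a true value also watches the
# subdirectories of $path. FILE_NOTIFY_CHANGE_SECURITY limits the
# notification to security-descriptor changes.
my $WatchDir = Win32::ChangeNotify->new($path, 1, FILE_NOTIFY_CHANGE_SECURITY);
if (!$WatchDir)
 {
  print "Failed to monitor watch directory $path\n";
  # GetError() is not defined anywhere; use the Win32 module's error calls.
  print "Error: " . Win32::FormatMessage(Win32::GetLastError()) . "\n";
  exit(1);
 }
$WatchDir->reset();

# Block until a notification arrives; $^E holds the Windows error text.
$WatchDir->wait or warn "Something failed: $^E\n";

print "There has been a change to the security.\n";
#===================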
 
 
 
Glad you like oldcmp!
 
  joe
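
The script above exits after the first notification and does not say what changed. The following is an added example, not part of the original thread: it keeps watching, timestamps each notification, and re-reads the DACL of one folder to report which trustees were added, removed or altered. The two command-line arguments, the helper names and the use of Win32::FileSecurity are assumptions of this example, and the target folder is assumed to lie under the watched root.

```perl
use strict;
use warnings;
use Win32;
use Win32::ChangeNotify;
use Win32::FileSecurity qw(Get EnumerateRights);

# Assumed usage: watch_acl.pl <watch_root> <target_folder_under_root>
my ($root, $target) = @ARGV;
die "Usage: $0 <watch_root> <target_folder>\n" unless $root && $target;

# Return the DACL of a path as { trustee => "RIGHT,RIGHT,..." }.
sub dacl_snapshot {
    my ($path) = @_;
    my (%acl, %snap);
    Get($path, \%acl) or die "Cannot read DACL on $path: $^E\n";
    for my $trustee (keys %acl) {
        my @rights;
        EnumerateRights($acl{$trustee}, \@rights);
        $snap{$trustee} = join ',', sort @rights;
    }
    return \%snap;
}

# Print every trustee whose entry was added, removed or altered.
sub report_diff {
    my ($old, $new) = @_;
    my %seen = map { $_ => 1 } keys %$old, keys %$new;
    for my $t (sort keys %seen) {
        my ($was, $now) = ($old->{$t}, $new->{$t});
        if    (!defined $now) { print "  REMOVED $t (was $was)\n" }
        elsif (!defined $was) { print "  ADDED   $t ($now)\n" }
        elsif ($was ne $now)  { print "  CHANGED $t: $was -> $now\n" }
    }
}

my $notify = Win32::ChangeNotify->new($root, 1, FILE_NOTIFY_CHANGE_SECURITY)
    or die "Cannot watch $root: " . Win32::FormatMessage(Win32::GetLastError());

my $before = dacl_snapshot($target);
while (1) {
    # Block until the next security change somewhere under $root.
    defined $notify->wait or die "wait failed: $^E\n";
    print scalar(localtime), " security change under $root\n";
    my $after = dacl_snapshot($target);
    report_diff($before, $after);
    $before = $after;
    $notify->reset;    # re-arm for the next notification
}
```

Redirecting the output to a log file gives a timestamp to line up against the security event log and any scheduled jobs or policy refreshes running at that moment.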
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNA
Sent: Friday, January 20, 2006 5:01 AM
To: [email protected]
Subject: RE: [ActiveDir] Permissions vanishing

Gil,
That is a good avenue of approach, although I do not recall any GPOs that modify folder permissions, it is something I have not checked nevertheless. I will give that a look.
 
Joe,
That would be great if you had the Perl code for file change/modification notification.  I would greatly appreciate that.  I am using your oldcmp.exe right now and putting together some Perl code that parses through it to pull out host names and user names and then emails a monthly list that can be used to clean them up in AD with a cron job consisting of Perl code based upon the Active Directory Cookbook's jobs.  Your utility is very useful.  Thanks again.
 
Nate Bahta
 
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, January 20, 2006 1:13 AM
To: [email protected]
Subject: RE: [ActiveDir] Permissions vanishing

I concur with Gil, either something really bad is happening or the auditing isn't tight (i.e. some account doing the work is outside of the audit policy, like say you configured watch for domain users making changes and it isn't catching the secprin doing it). Verify the SACL on the folder (btw is that getting changed too?), make sure SharedData isn't a junction and taking its perms from somewhere else, set up a script to do event notification on the folder that will detect a DACL change and tell you exactly when it is occurring. 
 
On the last, if you need it, I think I have some old old old old perl code I wrote back in the 90's to do file change notification I could try and find. A friend of mine had a project where he had to set up an auto FTP feed that had to be fired when certain file types hit the folder so I whipped up a quick perl script to handle it.  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Thursday, January 19, 2006 2:19 PM
To: [email protected]
Subject: RE: [ActiveDir] Permissions vanishing

The fact that nothing showed up in the audit log is disturbing. Can you modify the ACL manually and see the audit entries that appear?
 
Is there possibly a group policy that is changing the ACLs?
 
-gil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V Contractor NASIC/SCNA
Sent: Thursday, January 19, 2006 11:34 AM
To: [email protected]
Subject: [ActiveDir] Permissions vanishing

Hey everyone,
 
I am having an issue with a cluster server that shares our common access data drive.  Every other day, the NTFS permissions on the shared clustered drive will revert to only Administrators and System having privileges.  I have it set up as follows:
 
X:\SharedData - Share permissions Authenticated Users RWX
 
X:\SharedData - Inherited NTFS permissions Authenticated Users RX,LIST FOLDER CONTENTS
                                                       Administrators F
                                                       System F
 
Every other day or so the Authenticated users vanish from the NTFS permissions.
 
I enabled auditing on the folder for permission change, but nothing came up in the security log that stated that the permissions had changed.
 
 
Any ideas?
 
I would appreciate anything anyone had to suggest.
 
 
Thanks,
Nate

 
