On Jan 4, 2008 8:04 AM, Ziots, Edward <[EMAIL PROTECTED]> wrote: <snip> > 1) Snapshot the NTFS/Share permissions on a server by server basis over > time, to assist in recovery if my helpdesk etc etc steps on the > permissions and causes issues with the servers. ( I believe Scriptlogic > and Security Explorer and a few others in this realm I have seen but not > played with personally)
I use a batch job for NTFS permissions, using fileacl.exe. It runs every night, and sends me a diff between that and the previous day. I store the output of each run for a year. You can do similar things with rmtshare.exe from the RK. > 2) Eventlog management tools to track, alert, manage and archive logs to > a SQL Database or other remote medium for auditing and compliance. I can > see this with both Agent based and non-agent based deployments. ( GFI, > SMS, MOM, Configuresoft, Netpro, Quest, etc etc?) I am looking to track > the following: AD changes, modifications, down to an attribute level, > server permission changes, additions, deletes at the file and folder > level, with a nice reporting mechanism accordingly, to get proactive > with this) ( Also its an internal audit recommendation) > > Feel free to chime in on the good/bad/ugly of the situation. IntersectAlliance's GPL'ed Snare client, logging to Kiwisoft's $100 (last time I checked) syslog server, which provides ODBC and scripting functionality. Works pretty well. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
