Information Technology Reference
In-Depth Information
3.
Select Define This Policy Setting in the File System Properties dialog box and then
click Configure to open the Advanced Security Settings for Global File SACL dialog box
shown in Figure 2-37.
FIGURE 2-37
The Advanced Security Settings For Global File SACL dialog box
4.
Click Add to open the Auditing Entry For Global SACL dialog box.
Click Select A Principal to open the familiar Select User, Computer, Service Account, Or
Group dialog box. Add groups, computers, or users to audit and then click Next.
5.
Select the Type of audit from the list.
6.
Select the Permissions to audit.
7.
Use the Add A Condition To Limit The Scope section to limit the scope of this audit, as
shown in Figure 2-38, in which I'm building a condition that will tell me if any Domain
Admins who are not also Enterprise Admins take ownership of a file.
8.
Click OK to add the audit expression, as shown in Figure 2-39.
9.
10.
Click Apply to continue adding audit entries, or click OK to complete the audit entry
and complete the configuration of the expression-based audit policy.
