Share via

Privilege on shared folder

Pakinam 1 Reputation point
2020-12-27T06:51:32.363+00:00

Need to know if i can get a detailed log with all changes done on a shared folder related to only privileges.

In other words, if permissions were changed to a certain folder within a timeframe.

Also, need to know what could be the reason of suddenly viewing all contents of a folder while it's only permitted to certain group (taking into consideration that no user is added to the privileges).

Could it be just a need to restart the server due to an update?

Thanks

Windows for business | Windows Server | User experience | Other
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jenny Yan-MSFT 9,376 Reputation points
    2020-12-28T05:29:26.027+00:00

    Hi,
    You could enable the auditing policy and track the changes from the event viewer after then.

    The relevant logs like 4670 and 4663 will give the information when permission changed.

    Reference links:
    How to detect who changed permission on File Servers
    https://community.spiceworks.com/how_to/125516-how-to-detect-who-changed-permission-on-file-servers
    Windows Security Log Event ID 4670-Permissions on an object were changed
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4670
    Windows Security Log Event ID 4663-An attempt was made to access an object
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4663

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

    0 comments
  2. Andreas Baumgarten 131.6K Reputation points MVP Volunteer Moderator
    2020-12-27T13:27:45.537+00:00

    As I said before: I've never seen this in the past.

    My recommendation is:

    Just use NTFS Permissions to control access. I've never used Share Permissions to control access to shares and files.

    In combination of Share Permissions and NTFS Permissions the most restrictive Permission wins.
    For instance:
    "Full Access on Share Permissions" and "Read Only on NTFS Permissions" = "Read Only" for the user accessing the share and files
    With NTFS Permissions you have way more options than with the 3 permissions (Full, Modify, Read) of Share Permissions.

    I haven't seen any requirement in practice in the last 30 years where it is required to deal with both types of permissions.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

  3. Andreas Baumgarten 131.6K Reputation points MVP Volunteer Moderator
    2020-12-27T12:41:23.577+00:00

    Never heard of an update that is influencing the permissions/privileges that way before or after a restart of the server.

    What permissions you want to audit? The permission of the share or the NTFS permission of the shared folder on disk?

    Maybe this is helpful to track/audit the change of NTFS permissions:
    https://www.lepide.com/how-to/track-permission-changes-on-file-servers.html

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.