Hi All,I got an interesting request from our security engineer. He wants a report generated of all files that have had permissions changes within a certain period of time. I asked how he expected the report to be generated, but got a grunt in response. Anybody have an idea as to how to do this?Thanks!

Hi toadely,You'll have to turn on auditing on all the files that you will want to check or alternatively on the parent folder and let the audit settings inherit.You can do this by going to the security tab on the folder and then to advanced and then auditing. If you add the everyone builtin group and select the check box next to "change permissions" for successful and failed this will log all changes of the permissions on the files and folders to the security log.However for this to work you will have to have the "audit object access" local security setting enabled for success and failure. This can be enabled in the local security policy under security settings, local policies, audit policy. You could also enable this through GPO if you wanted to.I don't know what you could use to generate the report other that filtering the security log or using a third party utility. Microsoft has a utility called eventcomb which you may be able to use....http://support.microsoft.com/kb/308471Hope this helpsChris

Hi Chris!Thanks for replying! I appreciate it! The unfortunate thing is that the files are stored on a NAS device (EMC Celerra, NS704G). There's a management MMC available for managing CIFS services hosted on the NAS, but not much available to a Windows administrator in terms of control of policies. I was hoping there would be some tool that could take a look at file ownership or permissions properties change since X date.

Hi Toadely,Unfortunately I don't know much about NAS device auditing capabilities. I would imagine EMC have some form of tool that could be used to audit the files. It may be worth looking on the EMC site or contacting your EMC representative.Sorry I can't be of anymore help.Chris

Not a problem, Chris! I appreciate your taking the time on this question. Knowing my luck, if there was some sort of tool that would report file property changes it would ding every file on the NAS as having been changed due to archive bit settings. Un/Fortunately our Storage group likes to keep the inner workings of the NAS a black box to Windows administrators, so, we're not so sure what's available to us in terms of reporting. Ah, well. Thanks for your time!