The syntax of this command is:
NET AUDITING resource [/ADD name:options[ ...] |
/CHANGE name:options[ ...] | /DELETE name[ ...]]
This command displays and modifies the auditing settings of a
resource.
COMMENTS
You must supply a resource name when using this command.
Use the "net auditing" command for auditing the use of files and
directories by users and groups. For a particular file or directory,
you can specify which groups or users to audit. You can audit both
successful and failed actions.
When no options other than resource name are specified, the command
lists the auditing information for the resource.
When the server displays auditing information, it designates groups with
an asterisk ( * ).
If used on a directory "\\server1\share1\dir1", the output of
"net auditing \\\\server1\\share1\\dir1" will look similar to the
following:
Resource: \\server1\share1\dir1
Name: Events To Audit:
--------------------------------------------------------------------------
MARKET_DOM\Administrator SR,SW,SX,SD
MARKET_DOM\user1 SP,FR,FW,FX
For every user or group, the following auditing options can be specified:
Code Auditing option
_______________ _____________________________________________
SR Audit successful read access of the resource.
FR Audit failed reads of the resource.
SW Audit successful writes of the resource.
FW Audit failed writes of the resource.
SX Audit successful executes of the resource.
FX Audit failed executes of the resource.
SD Audit successful deletes of the resource.
FD Audit failed deletes of the resource,
SP Audit successful permissions changes of the
resource.
FP Audit failed permissions changes of the
resource.
SO Audit successful changes to the ownership of the
resource.
FO Audit failed changes to the ownership of the
resource.
When specifying more than one auditing option for the access to the
resource by the user or group, separate the options by commas.
NOTE: Auditing options do not take effect until the audit policy of
the domain is set to audit file and object access. Use Audit
Policy menu to set the audit policy.
EXAMPLES
At a UNIX system console, to add auditing of successful read access
by user "jennyt" from domain "market_dom" and failed write access
by user "samw" from the local domain to the directory "/tmp"
type the following:
net auditing c:/tmp /add market_dom\\jennyt:sr samw:fw
To change auditing settings for group "users", whose
access to the file "file1" on share "share1" on the local server is
already being audited, to auditing of all failed accesses, type
the following:
net auditing \\share1\\file1 /change users:fr,fw,fx,fd,fp,fo
To add auditing of all write accesses to file "file1" on share "share1"
of server "server1" by user "bobp" from domain server1_dom, type
the following:
net auditing \\\\server1\\share1\\file1 /add server1_dom\\bobp:sw,fw
To stop auditing accesses by user "jennyt" from the local domain to
the root directory of share "share1", type the following:
net auditing \\share1\\ /delete jennyt
SEE ALSO
For information about See
_____________________ _________
Getting help with network commands net help
Managing resource permissions net perms
To get Help on command options, type "net help {command} /options | more".
To get Help one screen at a time, type "net help {command} | more".