09-18-2003, 03:23 AM   #1 (permalink)
muno
Program to monitor accessed files/paths

I need to troubleshoot a security problem. There's a program (Nokia PC Suite, if you need to know) that works fine when the user has administrative rights, but with normal user rights a portion of the program (namely datalayer.exe) crashes. I need a program that monitors what resources datalayer.exe tries to access to set up proper permissions.

It needs to be freeware, as it's for this one-time use only.
-M


09-19-2003, 06:58 AM   #2 (permalink)
muno
How come I always need to bump my posts to get even one reply???

09-20-2003, 04:16 AM   #4 (permalink)
cadetstimp
If it is Win2k/XP pro..... right click the group of folder(s) and file(s) you wish to monitor and then select properties.

Go into the security tab and then click the Advanced button.

Click on the auditing tab and then click add

select everyone and then click ok

When prompted check the boxes for the successful and failed actions you want to monitor and then click ok

Click ok...Click ok.


Now that you've turned on auditing for those folders and files that you've selected... any actions that you selected to audit will appear in the security log in the event viewer. To look at the log right click My Computer and then select Manage. Expand the Event Viewer and then look at the security log.

Running the program should produce the failure entries you're looking for....then you'll know which files need full access.


NOTE: Remember which folders and files you're auditing! When you're done go back in and remove everyone from the auditing list. Too much auditing left on can slow down a system...

FUNNY TRICK: Just for fun I used to place a shared file on my system and then go to our company's workgroup space. Under the temp section that everyone uses, I would create a folder called EpisodeITrailer or something else non work related and then I would place a shortcut in the folder to the shared file on my pc. Then all I had to do was watch my security log to see who was going into the folder on a regular basis (just listing the shortcut created an entry telling me what host name and user logon just opened the folder). Interesting way to see who's browsing around and slacking off and how often! (made for some funny conversations!..."hey, how did you know I was browsing in there!")

Last edited by cadetstimp; 09-20-2003 at 04:24 AM.

09-20-2003, 07:23 AM   #5 (permalink)
DVNT1
I'll second the tools pgriffet mentions. I use them frequently.

09-22-2003, 02:21 AM   #6 (permalink)
muno
Thank you all.
With W2K's native auditing I was able to see what files were accessed without rights, and ntregmon showed me what registry key it was failing to write to.
(HKLM\Software\Nokia\Datalayer)

Boy, the ntregmon util listed like 100 events every millisecond. Had some job to find the correct failure. (there were like cazillion of notfounds and bufferoverflows)

It works flawlessly now.
-M
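
An added example, not part of the thread: one way to cut a saved registry-monitor log down to the access-denied operations of a single process, so the failing key stands out from the NOTFOUND and buffer-overflow noise described above. The log lines are constructed, and the tab-separated column order and the result codes (`ACCDENIED`, `NOTFOUND`, `BUFOVRFLOW`) are assumptions about the export layout; only `datalayer.exe` and the `HKLM\Software\Nokia\Datalayer` key come from the thread.

```python
import csv
import io
from collections import Counter

# Constructed sample rows: sequence, time, process, request, path, result.
# The column order and the result codes are assumptions about the export
# layout; "ExampleValue" and the explorer.exe row are made up for the demo.
KEY = r"HKLM\Software\Nokia\Datalayer"
SAMPLE_ROWS = [
    ("1", "0.00010", "datalayer.exe", "OpenKey", KEY, "SUCCESS"),
    ("2", "0.00021", "datalayer.exe", "QueryValue", KEY + r"\Missing", "NOTFOUND"),
    ("3", "0.00034", "datalayer.exe", "QueryValue", KEY + r"\ExampleValue", "BUFOVRFLOW"),
    ("4", "0.00047", "explorer.exe", "OpenKey", r"HKLM\Software\Example", "ACCDENIED"),
    ("5", "0.00052", "datalayer.exe", "SetValue", KEY + r"\ExampleValue", "ACCDENIED"),
    ("6", "0.00068", "DATALAYER.EXE", "SetValue", KEY + r"\ExampleValue", "ACCDENIED"),
    ("7", "truncated line"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def denied_accesses(log_text, process, denied=("ACCDENIED",)):
    """Count denied operations by one process, keyed by (request, path)."""
    hits = Counter()
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # header or truncated line
        proc, request, path, result = row[2:6]
        if proc.lower() != process.lower():
            continue  # other processes are noise for this question
        if result.upper() in denied:  # drops SUCCESS, NOTFOUND, BUFOVRFLOW
            hits[(request, path)] += 1
    return hits


def paths_needing_access(log_text, process):
    """Sorted unique paths the process was refused, i.e. where to adjust ACLs."""
    return sorted({path for _req, path in denied_accesses(log_text, process)})


if __name__ == "__main__":
    for (request, path), count in denied_accesses(SAMPLE_LOG, "datalayer.exe").items():
        print(f"{count:4d}  {request:10s}  {path}")
```

Granting the user write access only on the paths this returns keeps the account non-administrative instead of widening its rights across the whole hive.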

09-22-2003, 02:50 AM   #7 (permalink)
Dj-Icer
Needed that weblink! Thanks too!
__________________
|c3R