Topic: «misconcept - audit/shadow»
I don't understand what audit/shadow functions are
there are two options ('audit allowed' and 'audit denied') on top of the window
I can either untick or tick both
[it seems it's contradicting...]
also there are more options for users
by ticking read write, I can enable it
but I don't understand the concept although I read the help section several times
audit -read (enabled)
shadow -write (enabled)
does it mean
domain user can read and edit audit file?
I have no clue what the shadow function actaully does by clicking the 'write' option
can you explain me how senario one is going to affect the system?
|Posted: 07/02/2012 15:23:57|
Technical Support Engineer
Audit "Allowed" vs Audit "Denied":
Do you wish to capture those events that were "allowed" based on your current configuration or those that are "denied" based on your current configuration? (Allowed being those events that are not controlled via Permissions and Denied being those attempts by a user to access data /devices configured to be denied via Permissions.
Setting Audit Read/Write for a user does not allow them access to read/write... it allows DeviceLock to capture the events associated with the user attempting to Read/Write.
Shadowing captures a "shadow" copy of any file written. Shadowing allows you to gain access to a file that was read and/or copied, depending on your settings. Audit allows you to see the event. If you only wish to capture the event, Audit is what you need. If you wish to capture the event(s) as well as a copy of the file(s) copies, you should use both Audit and Shadow.
|Posted: 07/04/2012 18:51:13|