Topic: «misconcept - audit/shadow»
lawrence walker
Posts: 1 Joined: 07/02/2012
I don't understand what audit/shadow functions are
There are two options ('audit allowed' and 'audit denied') at the top of the window. I can either untick or tick both [it seems it's contradicting...]

Also, there are more options for users:

audit
-read
-write
shadowing
-write

By ticking read/write, I can enable it, but I don't understand the concept, although I read the help section several times.

-----------
Scenario one

Domain User
audit
-read (enabled)
-write (enabled)
shadow
-write (enabled)

Does it mean the domain user can read and edit the audit file?
I have no clue what the shadow function actually does by clicking the 'write' option.

--------------
Can you explain to me how scenario one is going to affect the system?

Posted: 07/02/2012 15:23:57
Jennifer Bousquet
Technical Support Engineer, Editor
Posts: 368 Joined: 07/20/2006
Audit "Allowed" vs Audit "Denied":
Do you wish to capture those events that were "allowed" based on your current configuration or those that are "denied" based on your current configuration? (Allowed being those events that are not controlled via Permissions and Denied being those attempts by a user to access data/devices configured to be denied via Permissions.)

Setting Audit Read/Write for a user does not allow them access to read/write... it allows DeviceLock to capture the events associated with the user attempting to Read/Write.

Shadowing captures a "shadow" copy of any file written. Shadowing allows you to gain access to a file that was read and/or copied, depending on your settings. Audit allows you to see the event.

If you only wish to capture the event, Audit is what you need. If you wish to capture the event(s) as well as a copy of the file(s) copied, you should use both Audit and Shadow.

Posted: 07/04/2012 18:51:13