Chat now with support
Chat with Support

Change Auditor for Windows File Servers 7.0.2 - User Guide

File System Protection

Introduction

When licensed, Change Auditor for Windows Files Servers also provides an access control model that permits administrators to secure business-critical files and folders on the file server against potentially dangerous changes.

To use file system protection, you must first define the files/folders to protect:

File System Protection page

The File System Protection page displays when File System is selected from the Protection task list in the navigation pane of the Administration Tasks tab. From this page you can launch the File System Protection wizard to specify a file or folder to be protected from unauthorized access. You can also edit existing templates, disable a template, and remove templates that are no longer being used.

The File System Protection page contains an expandable view of all the File System Protection templates that have been previously defined. To add a new template to this list, click Add. Once added, the following information is provided for each template:

Indicates whether the template is enabled or disabled. To enable/disable the template, place your cursor in this Status cell, click the arrow control and select the appropriate option from the drop-down menu.
Excluded from Protection - indicates you selected the Allow option to allow only the selected accounts to change the protected objects.
Included in Protection - indicates you selected the Deny option to allow all accounts to change the protected objects EXCEPT for those selected.

Click the expansion box to the left of the Template name to expand this view and display the following details for each template:

File System Protection templates

To enable protection, create a File System Protection template which specifies the files/folders to lock down. You can then add this template to an agent configuration, which then needs to be assigned to the appropriate agents.

NOTE: If you are planning to use multiple File System Protection templates, refer to the Change Auditor Technical Insight Guide for more information on how multiple protection templates are evaluated.
2
Click Protection.
3
Select File System under the Protection task list to open the File System Protection page.
4
Click Add to open the File System Protection wizard which steps you through the process of creating a File System Protection template.
5
In the Template Name field, enter a descriptive name for the template.
6
In the Path field, enter or click the Browse button to specify the file system path to protect. Click Add to move the specified file system path to the selection list.
[All] (default)
11
Use the File Mask field to optionally specify a file mask to protect a group of files in the selected file system path. Once you have specified a file mask, click Add to add it to the list at the bottom of the page.
NOTE: The Allow option is selected by default indicating that the selected users or groups will be allowed to change the protected objects. However, you can select the Deny option at the top of this page and select individual users or groups that are NOT allowed to change the protected objects. When using the Deny option, you are allowing all users and groups to change the protected objects except for those selected on this page.
13
Protect access from all locations: Protection is always enabled regardless of the location.
Protect access only from select locations: Protection is only enabled for the specified locations.
Disable protection only for select locations: Protection is disabled for the selected locations. Enabled everywhere else.
Protect access from all unknown locations: All file system requests from locations that cannot be determined by the agent will be protected.
Clicking Finish creates the template, closes the wizard, and returns you to the File System Protection page where the newly created template is now listed.
16
To create the template and assign it to an agent configuration, expand Finish and select Finish and Assign to Agent Configuration.
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration.
2
Click Finish or expand Finish and select Finish and Assign to Agent Configuration.

The disable feature allows you to temporarily stop protecting the specified file path without having to remove the protection template or individual file path from an active template.

Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the template will change to ‘Disabled’.
2
To re-enable the protection template, use the Enable option in either the Status cell or right-click menu.
Place your cursor in the Status cell for the file path to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the selected file path will change to ‘Disabled’.
2
To re-enable protection of a file path, use the Enable option in either the Status cell or right-click menu.
Related Documents