Which file is being accessed using Audit Object Access?

February 9, 2012 at 08:58:12
Specs: Windows 2003 Server
I'm taking over the administration of a group of PowerShell Scripts from someone that is no longer at our company. I don't know where all these PowerShell Scripts are being used. The Scheduled Tasks identifies the four core scripts as being used, great.

I checked the Last Accessed timestamps on all the other files, and a number of the non-core scripts have been accessed since the employee left the company. Some as recently as today. So I'm wanting to determine where these scripts are being used.

I enabled Audit Object Access, and enable "Traverse Folder / Execute File" on just a single script file in the directory.

1. Whenever I refresh the Security Log itself, I get two entries in the log. I'd like to stop this.

2. When I open the file, I get about a dozen entries in the security directory. I'd like to cut this down to just one.

3. The above dozen security entries don't specify the file that is being audited that generated the log entry. Since I have a dozen files to monitor, I'll need to know which file generated what security log entry.

I know I must be missing something, cause from what I could tell this feature is nearly useless based on what I'm able to observe. I know there must be more to this.

See More: Which file is being accessed using Audit Object Access?

Report •

February 19, 2012 at 15:46:40

According to that site PowerGUI is a free editor that will let you see the code of each script. Then you can determine what it does. I've never used it, so don't hold me to it.

How do you know when a politician is lying? His mouth is moving.

Report •
Related Solutions

Ask Question