Scenario: File Access Auditing
Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Security Auditing is one of the most powerful tools to help maintain the security of an enterprise. One of the key goals of security audits is regulatory compliance. Industry standards such as Sarbanes Oxley, Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI) require enterprises to follow a strict set of rules related to data security and privacy. Security audits help establish the presence of such policies and prove compliance with these standards. Additionally, security audits help detect anomalous behavior, identify and mitigate gaps in security policies, and deter irresponsible behavior by creating a trail of user activity that can be used for forensic analysis.
Audit policy requirements are typically driven at the following levels:
Information security. File access audit trails are often used for forensic analysis and intrusion detection. Being able to get targeted events about access to high-value information lets organizations considerably improve their response time and investigation accuracy.
Organizational policy. For example, organizations regulated by PCI standards could have a central policy to monitor access to all files that are marked as containing credit card information and personally identifiable information (PII).
Departmental policy. For example, the finance department may require that the ability to modify certain finance documents (such as a quarterly earnings report) be restricted to the finance department, and thus the department would want to monitor all other attempts to change these documents.
Business policy. For example, business owners may want to monitor all unauthorized attempts to view data that belongs to their projects.
Additionally, the compliance department may want to monitor all changes to central authorization policies and policy constructs such as user, computer, and resource attributes.
One of the biggest considerations of security audits is the cost of collecting, storing, and analyzing audit events. If the audit policies are too broad, the volume of audit events collected rises, and this increases costs. If the audit policies are too narrow, you risk missing important events.
With Windows Server 2012, you can author audit policies by using claims and resource properties. This leads to richer, more targeted, and easier-to-manage audit policies. It enables scenarios that, until now, were impossible or too difficult to perform. The following are examples of audit policies that administrators can author:
Audit everyone who does not have a high-security clearance and tries to access an HBI document. For example, Audit | Everyone | All-Access | Resource.BusinessImpact=HBI AND User.SecurityClearance!=High.
Audit all vendors when they try to access documents that are related to projects that they are not working on. For example, Audit | Everyone | All-Access | User.EmploymentStatus=Vendor AND User.Project Not_AnyOf Resource.Project.
These policies help regulate the volume of audit events and limit them to only the most relevant data or users.
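The two example expressions above, modelled as an added Python example (not Microsoft's code, and not how Windows evaluates a SACL): it runs constructed access attempts through both conditions to show which ones would produce an audit event. All user names, file names and claim values are made up, and treating a missing claim as "not High" is an assumption of this model.

```python
# Constructed access attempts: (user, user claims, file, resource properties).
# Every name and value below is invented for this example.
ATTEMPTS = [
    ("alice", {"SecurityClearance": "High", "EmploymentStatus": "FTE", "Project": ["Atlas"]},
     "earnings-q3.xlsx", {"BusinessImpact": "HBI", "Project": ["Atlas"]}),
    ("bob", {"SecurityClearance": "Low", "EmploymentStatus": "FTE", "Project": ["Atlas"]},
     "earnings-q3.xlsx", {"BusinessImpact": "HBI", "Project": ["Atlas"]}),
    ("bob", {"SecurityClearance": "Low", "EmploymentStatus": "FTE", "Project": ["Atlas"]},
     "atlas-plan.docx", {"BusinessImpact": "LBI", "Project": ["Atlas"]}),
    ("carol", {"SecurityClearance": "Low", "EmploymentStatus": "Vendor", "Project": ["Borealis"]},
     "atlas-plan.docx", {"BusinessImpact": "LBI", "Project": ["Atlas"]}),
    ("carol", {"SecurityClearance": "Low", "EmploymentStatus": "Vendor", "Project": ["Borealis"]},
     "borealis-spec.docx", {"BusinessImpact": "LBI", "Project": ["Borealis"]}),
    # dave has no SecurityClearance claim at all.
    ("dave", {"EmploymentStatus": "Vendor", "Project": ["Atlas", "Borealis"]},
     "earnings-q3.xlsx", {"BusinessImpact": "HBI", "Project": ["Atlas"]}),
    ("erin", {"SecurityClearance": "Low", "EmploymentStatus": "Vendor", "Project": ["Borealis"]},
     "earnings-q3.xlsx", {"BusinessImpact": "HBI", "Project": ["Atlas"]}),
]


def values(attrs, name):
    """Return an attribute as a set; a missing attribute is the empty set."""
    raw = attrs.get(name)
    if raw is None:
        return frozenset()
    return frozenset([raw] if isinstance(raw, str) else raw)


def equals(attrs, name, expected):
    """Single-valued comparison: true only if the attribute is exactly `expected`."""
    return values(attrs, name) == {expected}


def not_any_of(left, right):
    """Not_AnyOf: true when `left` shares no value with `right`."""
    return left.isdisjoint(right)


def hbi_without_high_clearance(user, resource):
    # Resource.BusinessImpact=HBI AND User.SecurityClearance!=High
    # Assumption of this model: a missing clearance claim counts as "not High".
    return (equals(resource, "BusinessImpact", "HBI")
            and not equals(user, "SecurityClearance", "High"))


def vendor_off_project(user, resource):
    # User.EmploymentStatus=Vendor AND User.Project Not_AnyOf Resource.Project
    return (equals(user, "EmploymentStatus", "Vendor")
            and not_any_of(values(user, "Project"), values(resource, "Project")))


POLICIES = {
    "hbi_without_high_clearance": hbi_without_high_clearance,
    "vendor_off_project": vendor_off_project,
}


def audit(attempts):
    """Return (user, file, matching policy names) for attempts that match any policy."""
    events = []
    for user, claims, path, props in attempts:
        hits = [name for name, cond in POLICIES.items() if cond(claims, props)]
        if hits:
            events.append((user, path, hits))
    return events


if __name__ == "__main__":
    events = audit(ATTEMPTS)
    for user, path, hits in events:
        print(f"AUDIT {user:6} {path:20} {', '.join(hits)}")
    print(f"{len(events)} of {len(ATTEMPTS)} attempts audited")
```

Attempts by cleared staff and by vendors on their own projects produce no event, which is how the expressions keep audit volume down.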
After administrators have created and applied the audit policies, the next consideration for them is gleaning meaningful information from the audit events that they collected. Expression-based audit events help reduce the volume of audits. However, users need a way to query these events for meaningful information and ask questions such as, "Who is accessing my HBI data?" or "Was there an unauthorized attempt to access sensitive data?"
Windows Server 2012 enhances existing data access events with user, computer, and resource claims. These events are generated on a per-server basis. To provide a full view of events across the organization, Microsoft is working with partners to provide event collection and analysis tools, such as the Audit Collection Services in System Center Operation Manager.
Figure 4 shows an overview of a central audit policy.
Figure 4 Central auditing experiences
Setting up and consuming security audits typically involves the following general steps:
Identify the correct set of data and users to monitor
Create and apply appropriate audit policies
Collect and analyze audit events
Manage and monitor the policies that were created
In this scenario
The following topics provide additional guidance for this scenario:
Roles and features included in this scenario
The following table lists the roles and features that are part of this scenario and describes how they support it.
FileAccess Enumeration
Definition
Defines constants for read, write, or read/write access to a file.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Read access to the file. Data can be read from the file. Combine with Write for read/write access.
Read and write access to the file. Data can be written to and read from the file.
Write access to the file. Data can be written to the file. Combine with Read for read/write access.
Examples
The following FileStream constructor grants read-only access to an existing file (FileAccess.Read).
Remarks
For an example of creating a file and writing text to a file, see How to: Write Text to a File. For an example of reading text from a file, see How to: Read Text from a File. For an example of reading from and writing to a binary file, see How to: Read and Write to a Newly Created Data File.
A FileAccess parameter is specified in many of the constructors for File, FileInfo, FileStream, and other constructors where it is important to control the kind of access users have to a file.
"Access Denied" or other errors when you access or work with files and folders in Windows
Summary
When you try to access or work with files and folders in Windows, you experience one or more of the following issues:
Issue 1: You receive an "Access Denied" error message or a similar message.
Issue 2: You cannot access, change, save, or delete files and folders.
Issue 3: You cannot open a file or folder after you install a new version of Windows.
Resolution
To resolve a particular issue, follow the steps for the issue that best describes your situation. Use the method for your version of Windows.
Note: You may not always receive an "Access Denied" error message for these kinds of issues. If particular steps do not resolve the issue, try a different set of steps.
Cause
An "Access Denied" error message can occur for one or more of the following reasons:
The folder ownership has changed.
You do not have the appropriate permissions.
The file is encrypted.
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 8 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files or folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or folder, follow these steps:
Press and hold the folder that you want to take ownership of, then tap Properties. (If you are using a mouse, right-click the folder, and then click Properties.)
Tap or click the Security tab, tap or click Advanced, then tap or click Change. If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
Type the name of the person that you want to give ownership to, and then click Check Names.
Note: The account name for the person that you are assigning ownership to is displayed.
If you want this person to be the owner of the files and subfolders that are contained in this folder, select the Replace owner on subcontainers and objects check box.
You may not have the appropriate permissions
Issues that you experience when you try to access files and folders may be related to permissions. Permissions are rules that determine whether you can access or change files and folders. To check permissions on a file or folder, follow these steps:
Press and hold or right-click the file or folder, and then click Properties.
Tap or click the Security tab.
Under Group or user names, tap or click your name to see the permissions that you have.
To open a file, you have to have the Read permission. To change the permissions of a file or folder, follow these steps.
Important: You must be logged on as an administrator to change permissions on files and folders.
Press and hold or right-click the file or folder, and then tap or click Properties.
Tap or click the Security tab.
Under Group or user names, tap or click your name to see the permissions that you have.
Tap or click Edit, tap or click your name, select the check boxes for the permissions that you must have, and then click OK.
The file or folder may be encrypted
Encryption can help protect files and folders from unwanted access. You cannot open an encrypted file or folder without the certificate that was used to encrypt it. To determine whether a file or folder is encrypted, follow these steps:
Press and hold or right-click the file or folder, and then tap or click Properties.
Tap or click the General tab, and then tap or click Advanced.
If the Encrypt contents to secure data check box is selected, you have to have the certificate that was used to encrypt the file or folder to be able to open it. In this situation, you should obtain the certificate from the person who created or encrypted the file or folder, or have that person decrypt the file or folder.
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 7 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files or folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or a folder, follow these steps:
Right-click the folder that you want to take ownership of, then click Properties.
Click the Security tab, click Advanced, then click the Owner tab.
Note: If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
Click the name of the person that you want to give ownership to.
If you want this person to be the owner of files and subfolders in this folder, select the Replace owner on subcontainers and objects check box.
You may not have the appropriate permissions
Issues that you experience when you try to access files and folders may be related to permissions. Permissions are rules that determine whether you can access or change files and folders. To determine the permissions of the file or folder, follow these steps:
Right-click the file or folder, then click Properties.
Click the Security tab.
Under Group or user names, click your name to see the permissions that you have.
To open a file, you have to have the Read permission. To change permissions on a file or folder, follow these steps.
Important: You must be logged on as an administrator to change permissions on files and folders.
Right-click the file or folder, and then click Properties.
Click the Security tab.
Under Group or user names, click your name to see the permissions that you have.
Click Edit, click your name, select the check boxes for the permissions that you must have, and then click OK.
For more information about permissions, see What are permissions?.
The file or folder may be encrypted
Encryption can help protect files and folders from unwanted access. You cannot open an encrypted file or folder without the certificate that was used to encrypt it. To determine whether a file or folder is encrypted, follow these steps:
Right-click the file or folder, and then click Properties.
Click the General tab, then click Advanced.
If the Encrypt contents to secure data check box is selected, you have to have the certificate that was used to encrypt the file or folder to be able to open it.
You should obtain the certificate from the person who created or encrypted the file or folder, or have that person decrypt the file or folder.
Cause
A problem that prevents you from accessing or working with files and folders can occur for one or more of the following reasons:
The folder ownership has changed
You do not have the appropriate permissions
The file is encrypted
The file is corrupted
The user profile is corrupted
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 8 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files or folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or folder, follow these steps:
Press and hold the folder that you want to take ownership of, then tap Properties. (If you are using a mouse, right-click the folder, and then click Properties.)
Tap or click the Security tab, tap or click Advanced, then tap or click Change. If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
Type the name of the person that you want to give ownership to, and then click Check Names.
Note: The account name for the person that you are assigning ownership to is displayed.
If you want this person to be the owner of the files and subfolders that are contained in this folder, select the Replace owner on subcontainers and objects check box.
You may not have the appropriate permissions
Issues that you experience when you try to access files and folders may be related to permissions. Permissions are rules that determine whether you can access or change files and folders. To check permissions on a file or a folder, follow these steps:
Press and hold or right-click the file or folder, and then click Properties.
Tap or click the Security tab.
Under Group or user names, tap or click your name to see the permissions that you have.
To open a file, you have to have the Read permission. To change the permissions of a file or folder, follow these steps.
Important: You must be logged on as an administrator to change permissions on files and folders.
Press and hold or right-click the file or folder, and then tap or click Properties.
Tap or click the Security tab.
Under Group or user names, tap or click your name to see the permissions that you have.
Tap or click Edit, tap or click your name, select the check boxes for the permissions that you must have, and then click OK.
For more information about permissions, see What are permissions?.
The file or folder may be encrypted
Encryption can help protect files and folders from unwanted access. You cannot open an encrypted file or folder without the certificate that was used to encrypt it. To determine whether a file or folder is encrypted, follow these steps:
Press and hold or right-click the file or folder, and then tap or click Properties.
Tap or click the General tab, and then tap or click Advanced.
If the Encrypt contents to secure data check box is selected, you have to have the certificate that was used to encrypt the file or folder to be able to open it. In this situation, you should obtain the certificate from the person who created or encrypted the file or folder, or have that person decrypt the file or folder.
The file or folder may be corrupted
Files can become corrupted for several reasons. The most common reason is that you have a file open when your computer crashes or loses power. Most corrupted files cannot be repaired. In this situation, you should either delete the file or restore the file from a backup copy.
For more information about corrupted files and how to fix them, see Corrupted files: frequently asked questions.
Your local user profile may be corrupted
Occasionally, Windows might not read your local user profile correctly. This may prevent you from accessing files and folders. In this situation, you may have to use a new local user profile. To create the profile, you must first create a local user account. When the new account is created, the profile is also created. To create a local user account, follow these steps:
Swipe from the right edge of the screen, tap Settings, and then tap Change PC settings. (If you are using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, click Settings, and then click Change PC settings.)
In the navigation pane, tap or click Users.
Tap or click Add a User, then tap or click Can they sign in without a Microsoft account?
Tap or click Local account.
Enter your new account name.
If you want to use a password, enter and verify the password that you want to use. If you decide not to use a password, tap or click Next without entering a password.
Tap or click Finish.
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 7 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files or folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or a folder, follow these steps:
Right-click the folder that you want to take ownership of, and then click Properties.
Click the Security tab, click Advanced, and then click the Owner tab.
Click Edit. If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
Click the name of the person that you want to give ownership to.
If you want that person to be the owner of files and subfolders in this folder, select the Replace owner on subcontainers and objects check box.
You may not have the appropriate permissions
Issues that you experience when you try to access files and folders may be related to permissions. Permissions are rules that determine whether you can access or change files and folders. To check permissions on a file or a folder, follow these steps:
Press and hold or right-click the file or folder, and then click Properties.
Tap or click the Security tab.
Under Group or user names, tap or click your name to see the permissions that you have.
To open a file, you have to have the Read permission. To change permissions on a file or folder, follow these steps.
Important: You must be logged on as an administrator to change permissions on files and folders.
Right-click the file or folder, and then click Properties.
Click the Security tab.
Under Group or user names, click your name to see the permissions you have.
Click Edit, click your name, select the check boxes for the permissions that you must have, and then click OK.
For more information about permissions, see What are permissions?.
The file or folder may be encrypted
Encryption can help protect files and folders from unwanted access. You cannot open an encrypted file or folder without the certificate that was used to encrypt it. To determine whether a file or folder is encrypted, follow these steps:
Right-click the file, then click Properties.
Click the General tab, and then click Advanced.
If the Encrypt contents to secure data check box is selected, you have to have the certificate that was used to encrypt the file or folder to be able to open it.
You should obtain the certificate from the person who created the file. For more information, see Import or export certificates and private keys.
The file or folder may be corrupted
Files can become corrupted for several reasons. The most common reason is that you have a file open when your computer crashes or loses power. Most corrupted files cannot be repaired. In this situation, you should either delete the file or restore the file from a backup copy.
For more information about corrupted files and how to fix them, see Corrupted files: frequently asked questions.
Your user profile may be corrupted
Occasionally, Windows might not read your local user profile correctly. This may prevent you from accessing files and folders. In this situation, you may have to use a new local user profile. To create the profile, you must first create a local user account. When the new account is created, the profile is also created.
For more information about how to create user profiles, see Fix a corrupted user profile. After the new user profile is created, you can copy your existing user files to the new profile so that you can access them.
Cause
Problems that prevent you from accessing files and folders after you upgrade to a new version of Windows can occur for one or more of the following reasons:
The folder ownership has changed.
The files are being stored in a Windows.old folder from your previous system.
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 8 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files and folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or a folder, follow these steps:
Press and hold the folder that you want to take ownership of, then tap Properties. (If you are using a mouse, right-click the folder, and then click Properties.)
Tap or click the Security tab, tap or click Advanced, then tap or click Change. If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
Type the name of the person that you want to give ownership to, and then click Check Names.
Note: The account name for the person that you are assigning ownership to is displayed.
If you want this person to be the owner of the files and subfolders that are contained in this folder, select the Replace owner on subcontainers and objects check box.
You have to recover files from the Windows.old folder
If you recently upgraded your computer to Windows 8 from an earlier version of Windows, and you did not reformat the hard disk, you might still be able to access your old files from the Windows.old folder.
To fix this problem automatically, click the Fix it button or link. In the File Download dialog box, click Run, and then follow the steps in the Fix it Wizard. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.
This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.
Let me fix it myself
To manually retrieve the files, follow these steps:
Open the desktop, tap the folder icon, and then click Computer. Or, press the Windows logo key+E.
Double-tap or double-click the drive that Windows is installed on (typically, drive C).
Double-tap or double-click the Windows.old folder.
Double-tap or double-click the Users folder.
Double-tap or double-click your user name.
Open the folders that contain the files that you want to retrieve. For example, to retrieve files in the Documents folder, double-tap or double-click Documents.
Copy the files that you want from each folder and paste them to a folder in Windows 8. For example, if you want to retrieve everything from the Documents folder, copy all the files and folders from the Documents folder in the Windows.old folder, and then paste them to the Documents library in Windows 8.
Repeat steps 5-7 for each user account on your computer.
For more information about how to recover data from an earlier version of Windows, see Recover lost or deleted files.
You may not have ownership of a file or folder
If you recently upgraded your computer to Windows 7 from an earlier version of Windows, some of your account information may have changed. Therefore, you may no longer have ownership of some files and folders. You might be able to resolve this issue by restoring your ownership of the files and folders.
To take ownership of a file or a folder, follow these steps:
Right-click the folder that you want to take ownership of, and then click Properties.
Click the Security tab, click Advanced, and then click the Owner tab.
Click Edit. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Click the name of the person that you want to give ownership to.
If you want that person to be the owner of files and subfolders in this folder, select the Replace owner on subcontainers and objects check box.
You may have to recover files from the Windows.old folder
If you recently upgraded your computer to Windows 7 from an earlier version of Windows, and you did not reformat your hard disk, you might still be able to access your old files from the Windows.old folder.
To fix this problem automatically, click the Fix it button or link. In the File Download dialog box, click Run, and then follow the steps in the Fix it Wizard. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.
This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.
Let me fix it myself
To manually retrieve the files, follow these steps:
Click Start, then click Computer.
Double-click the drive that Windows is installed on (typically, drive C).
Double-click the Windows.old folder.
Double-click the Users folder.
Double-click your user name.
Open the folders that contain the files that you want to retrieve. For example, to retrieve files in the Documents folder, double-click Documents.
Copy the files that you want from each folder and paste them to a folder in Windows 7. For example, if you want to retrieve everything from the Documents folder, copy all the files and folders from the Documents folder in the Windows.old folder, and then paste them to the Documents library in Windows 7.
Repeat steps 5-7 for each user account on your computer.
For more information about how to recover data from an earlier version of Windows, see Recover lost or deleted files.