monitor access to docs on IIS -- iis security

WES
6/29/2006 7:41:20 AM

I have an automated job on an IIS 4&5 server that generates .pdf
reports to users directories. The users each have seperate unique
logins to their respective directories. The users logins ARE NOT
Windows domain accounts. The user accounts are assigned through a
proprietary application that also generates the reports. I need to be
able to audit/monitor when a user logs in and views thier reports.
Other than typical Windows server object access monitoring in the
security logs is there a way to capture when the pdf file was opened?
Also can I log either the computer name of the PC accessing or the IP
of the computer accessing the documents?

thanks for reading and I appreciate any info anyone can provide

Steve Schofield
6/29/2006 11:50:15 PM

Here are a couple of ideas. You could build custom logging into the
application to write the user name and document access to the Windows Event
log or a custom log file / database. The other option I believe would work
is turn on 'auditing' for 'authenticated users' on the files / folders you
want to track. When a file is accessed it will be logged in the normal
Windows event log. You could use Event Comb to query the logs. Another
tool to query the logs is called Log Parser.
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/smpgch02.mspx
or http://www.logparser.com Hope that helps.

--

Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

[quoted text, click to view]

iis security : monitor access to docs on IIS