Auditing for AFP and SMB

Hello,
I had posted this same question before, but it has been archived. So I bring this back:
We need to implement Auditing in File Sharing level. H
Does anyone know a tool besides the server logs?
We prefer an opensource one, since Casper costs.
Regards
Kostas

Kostas B wrote:
Hello,
I had posted this same question before, but it has been archived. So I bring this back:
We need to implement Auditing in File Sharing level. H
Does anyone know a tool besides the server logs?
We prefer an opensource one, since Casper costs.
Regards
Kostas
The only tools I have seen merely 'analyse' (i.e. don't really) and/or summarise the information in the Apple logs. As the Apple logs are almost completely useless for this purpose they do not help at all.
For those unaware, the Apple logs for AFP and most other services record activity like this.
1. User logs in, this is time stamped in the log and lists the user name and the MAC address of the computer logged in from.
2. User then does activity on the AFP file server, this activity is also time stamped but only lists the MAC address and not the user name. Every single file open command, etc. can be recorded which if you're using network home directories results in a vast number of entries.
The result is that if you want to find who deleted a file, you need to find the log entry listing the file deletion and then laboriously read back through potentially tens of thousands of lines in the log(s) until you find the matching login for that MAC address so you can then determine WHO deleted the file rather than which computer. As these entries can span across more than one actual log file due to the logs being rotated when a size limit is reached this is a nightmare to do.
In other words, the logs are almost completely useless for auditing.
I have a law firm also looking for a similar solution.
The best I can say so far would be to stop using Mac OS X as a file server and switch to something else which offers proper auditing.
Note: This situation is a result of Apple not addressing the Enterprise market historically - with some justification. It would still be nice to have a solution especially now that Enterprise is taking Apple (a little bit) more seriously.
PS. To make things worse, I am currently implementing a Mac terminal server, this will have multiple logins running at the same time which will be in turn logging in to a Mac AFP server. As these sessions are all running on the same physical (terminal) server, as far as the AFP server is concerned they will all have the exact same Ethernet MAC address! This will make it literally impossible to tell which user did an operation using Apple's current feeble logging.
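
The correlation the reply above describes (matching an address-only activity entry back to the login that names the user, across rotated log files), as an added Python example that is not part of the original posts. The log layout, addresses, user names and paths are constructed for illustration and are not Apple's actual log format; the shared-address case from the PS is reported as ambiguous rather than guessed.

```python
from datetime import datetime

# Constructed sample data in a simplified, invented layout (not Apple's real
# log format): "<ISO timestamp> <client address> <ACTION> <argument>".
# As the post describes, only LOGIN lines carry a user name.
ROTATED_LOG = """\
2010-03-01T08:59:02 00:1b:63:aa:bb:01 LOGIN alice
2010-03-01T09:00:10 00:1b:63:aa:bb:02 LOGIN bob
2010-03-01T09:05:44 00:1b:63:aa:bb:01 OPEN /Shares/Cases/brief.doc
2010-03-01T09:06:00 00:1b:63:aa:bb:99 LOGIN carol
2010-03-01T09:07:30 00:1b:63:aa:bb:99 LOGIN dave
"""
CURRENT_LOG = """\
2010-03-01T10:15:12 00:1b:63:aa:bb:02 DELETE /Shares/Cases/contract.doc
2010-03-01T10:20:00 00:1b:63:aa:bb:01 LOGOUT -
2010-03-01T10:21:00 00:1b:63:aa:bb:03 DELETE /Shares/Cases/notes.txt
2010-03-01T10:25:00 00:1b:63:aa:bb:01 LOGIN erin
2010-03-01T10:26:00 00:1b:63:aa:bb:01 DELETE /Shares/Cases/brief.doc
2010-03-01T10:30:45 00:1b:63:aa:bb:99 DELETE /Shares/Cases/draft.doc
"""


def parse(text):
    """Turn log text into (timestamp, address, action, argument) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        stamp, address, action, argument = parts
        events.append((datetime.fromisoformat(stamp), address.lower(),
                       action, argument))
    return events


def attribute(log_texts, wanted_action="DELETE"):
    """Replay the logs (oldest file first) and list the candidate users
    behind every `wanted_action` entry."""
    events = [e for text in log_texts for e in parse(text)]
    events.sort(key=lambda e: e[0])  # stable: keeps file order on ties
    sessions = {}  # address -> {"users": [...], "open": count}
    findings = []
    for stamp, address, action, argument in events:
        state = sessions.setdefault(address, {"users": [], "open": 0})
        if action == "LOGIN":
            state["users"].append(argument)
            state["open"] += 1
        elif action == "LOGOUT":
            # No user name on this line. Once every session from the address
            # has closed the candidates are cleared; until then we cannot
            # tell who left, so all of them stay candidates.
            state["open"] = max(0, state["open"] - 1)
            if state["open"] == 0:
                state["users"].clear()
        elif action == wanted_action:
            candidates = sorted(set(state["users"]))
            if len(candidates) == 1:
                verdict = "attributed"
            elif candidates:
                verdict = "ambiguous"   # shared address, e.g. terminal server
            else:
                verdict = "unknown"     # login not in the logs supplied
            findings.append({"time": stamp.isoformat(), "address": address,
                             "path": argument, "users": candidates,
                             "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in attribute([ROTATED_LOG, CURRENT_LOG]):
        print(f["time"], f["verdict"], ",".join(f["users"]) or "-", f["path"])
```

Passing only the current log leaves the first deletion unattributed, because the matching login sits in the rotated file.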

Similar Messages

  • Which is the better one, between AFP and SMB protocol for files' transporti

    Hi,
    I'm a newbie here and I have a question for MAC AFP protocol.
    For files' transporting, MAC os has AFP protocol, and it also supports SMB protocol. Is there any difference between these two protocols?
    Is the AFP protocol better than the SMB protocol, for files' transporting between two MACs, MACs and Windows, or two Windows?

    AFP is preferred for Mac -> Mac transfers. It's the native Mac protocol and easiest to maintain.
    Windows systems typically don't understand AFP so it's not an option for them. For Windows transfers you should use SMB.
    The Mac can talk SMB, too, so if you had to choose only one, and you have Windows clients on your network, then SMB would be the way to go.
    You are not limited to running just one, though. It's perfectly valid to have the server talk both AFP and SMB at the same time, letting each client use the protocol it prefers.

  • Difference between afp and smb

    I'm running OS X server 10.5.8. unlimited license with only file sharing enabled.
    When a large number of users (more than 7 or 8) try to log on the server at the same time, the server goes AWOL. A few users get on and that's it. When I check the server preferences, file sharing has turned off by itself. When I try to restart it, it just turns off again. After waiting a while, I can turn it on again, or it'll turn on again by itself after a good long while.
    This is in the setting of a computer lab. The users get on via afp. Would smb work better? What's the difference between the two?
    I'll appreciate any help or suggestions on this.
    Hans

    When I check the server preferences, file sharing has turned off by itself. When I try to restart it, it just turns off again
    That's clearly not normal. What do the logs have to say?
    The users get on via afp. Would smb work better? What's the difference between the two?
    AFP was designed by Apple and is the native file sharing protocol in Mac OS X.
    SMB was designed by Microsoft and is the native file sharing protocol in Windows.
    At one time Macs would use AFP, Windows systems would use SMB. That line is now blurred by the fact that Mac OS X can talk both AFP and SMB, and Windows machines can be persuaded to talk AFP.
    There are some under the hood differences and in general your Mac clients should use AFP if possible. Whether SMB is more or less reliable in your case depends on why the server is having these issues in the first place - if it's a resource issue (i.e. not enough memory/cpu/etc.) then enabling SMB is likely to make things worse since the server now has an additional process to keep running.

  • Access to a server by both afp and smb at the same time

    I'm sure that there's an answer to this, but it's not obvious to me. I have a series of macbooks and various linux servers that I use for file storage. Some of the older linux boxes share via smb, but I'd like to move to afp, primarily as I think that it ought to be easier to administer.
    Before I do a migration, how do I mount remote shared filespace on the same server with different protocols? Finder seems happy to authenticate as either AFP or SMB user to a specific machine, but not both at the same time - I only get one server in the left hand pane of finder.
    Is it possible to get dual access to work? Do I just use different IP addresses for the server?
    cheers
    Tim

    Ok great, thanks v much
    Dave

  • Questions about AFP and SMB network drives

    Is there a major speed difference between the two? At my school I am given network drive space, and my drive seems accessible via afp:// and not via SMB.
    I transferred a 30MB file once and afp:// transferred at about 1 MB a second. This seemed about as fast as when I used OS 9 and connected to afp:// servers.
    Also can one access an afp:// drive on a Windows 98 computer without third party software (PC MacLan)? The IT director has been trying to help my Windows 98 laptop also gain access to my drive, but everything he has told me to try has failed. Perhaps because Windows 98 can't connect with Appletalk over TCP/IP servers.
    Thanks for the help.
    If this message belongs in another forum, please let me know.
    John

    I am on a T1 and using the ibooks network card.
    Back in 2005 I was on a Performa 6360 and also used a network card (100 base T) on a T1.
    It's strange why the ibook would be no faster than the performa for transferring files.
    So can Windows 98 connect to afp:// servers?
    john

  • AFP and SMB Home Folders

    Has anybody managed to find a way of using both AFP home folders and SMB folders?
    What I am trying to do is have both setup on a students/staff login so that they can access their windows based home directory and also access the Mac home directories for things like Aperture, iphoto garage band etc which require a lot of storage room. We Limit Student storage to 150mb so we need to be able to use our current promise storage to store the home folders.
    I have read a few forums with scripts on but i can't seem to get them to work.
    I have got a working magic (golden) Triangle I can login to any Mac with any AD login and it works I can see their windows based home folder.
    Any Help would be much appreciated.
    Our Current setup is:
    Mac OS X Server (xServe) 10.7.5 running OD as Master and bound to AD
    Mac Clients 10.7.5
    Windows 2008R2 Domain Controller

    How did you resolve the problem?

  • Auditing for Successful and Failed Logon.

    I have a requirement wherein I want to Audit when the user Logs In and if the user unsuccessfully tries to log in. I am using the oracle's Audit functionality to audit it.
    Also I am using the oracle's audit functionality only for the above two items and have implemented the Auditing of other tables using triggers. I am not using the Oracle's Audit functionality for other purposes because the fine grained auditing is not available for the standard edition of Oracle 9i.
    I want to know what is the best way to merge the Audit details from the Oracle table with the Audit Details of the Audit table which I have implemented.
    Thanks
    Ajay.

    We have a After Logon trigger in oracle but there is no trigger which will fire if the user tries to login but fails to log in. This is the reason I am using the oracle's Audit functionality for successful and unsuccessful login.
    I want to know what is the best way to merge the Audit data of oracle with my Audit Data. The Audit table which I have created is somewhat similar to the Oracle's Audit table. Oracle jobs will do it but there will be performance issue since the job should fire frequently if the user wants to see the report immediately.
    Thanks
    Ajay.

  • AFP and SMB sharepoint in AD environment

    We are currently migrating user accounts to authenticate to AD to make life easier for our students as we use both Macs and PCs on our network. We have AD working using our XServe to host home directories using AFP. When a user logs on using a Mac they can access the AFP share without problem. What we would like to achieve is users logging on using a Mac to use AFP on the sharepoint and PC users using the same sharepoint running on SMB.
    We have set our ‘users’ sharepoint up using both SMB and AFP but can’t get this working; I remember seeing a method using dsconfigad to direct PC users to SMB and Mac users to AFP a while back but can’t remember where.
    Any help would be greatly appreciated if someone can point me in the right direction
    Thanks in advance,
    Dan

    Open Console app and Click the button to show the log file list.
    There are various locations and they will be listed in the list. I'm not sure how to turn on more logging. Many of the config files for various services are in /etc.

  • How do I identify the latest file modifications, application install, and registry key modification for Security Forensics.... using GP Audit for registry/file system

    Hello,
    Title pretty much states it all. I initially set out (as part of a Security Forensics initiative) to identify the most recently installed applications, modified files, and registry key changes using PowerShell. I attempted to pull this information and sort them by date installed/last modified, but it was brought to my attention this information isn't always present and can be modified - so it's not accurate.
    At that time it was suggested we use Group Policy auditing for Registry and File System -  but I'm not sure how I'm going to use/pull these in PowerShell? This will be used on remote host all over the world so local physical access isn't an option.
    My question is:
    Once Group Policy Auditing for Registry and File System has been enabled, how would I go about pulling those audit logs for review once a system has been identified as compromised? I'm brand new to this GP Auditing (we have a separate team for that) so feel free to take it from the beginning. :)
    Thanks in advance!

    Hi,
    Here are a few suggestions for you:
    Ensure Remote Registry service is started on local and remote machines.
    Add the -Credential option and supply administrative credentials within the command.
    More information for you:
    Get-Eventlog doesn't work against Vista/W7 clients
    https://social.technet.microsoft.com/Forums/en-US/c5185a01-b0d2-49a7-9aa7-52e6534ada04/geteventlog-doesnt-work-against-vistaw7-clients?forum=winserverpowershell
    PowerShell - How to Get XML EventData - Remote Eventlogs - Exchange Events
    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/382b10c9-d740-46b1-b81c-b24de911eb14/powershell-how-to-get-xml-eventdata-remote-eventlogs-exchange-events-?forum=ITCG
    Powershell script to gather failed logon attempts by event id and type from the security events log
    https://social.technet.microsoft.com/Forums/scriptcenter/es-ES/00a62492-c63a-4c8b-92f9-1cc857223a00/powershell-script-to-gather-failed-logon-attempts-by-event-id-and-type-from-the-security-events-log?forum=ITCG
    Best Regards,
    Amy

  • ACL and smb

    I want to do something relatively simple (or so I thought):
    - Have one volume shared (firewire drive)
    - SMB read-only for that volume for guests or a specific user
    - SMB complete access (read/write, etc) for that volume for a different specific user.
    That's it, seriously. How can this get done with smb?

    I would like to know how to do this as well. I've shared a folder on my MBP with read only permissions for everyone but I can still edit and delete files on the share from my Imac. I know I don't need smb for mac to mac file sharing but after 2 hours of googling and testing suggestions I couldn't get AFP to work.
    I'll give a bit of detail about my AFP issue in case it's an easier fix. Both machines have Appletalk enabled. On the MBP under system preferences, I have 2 folders, the public folder and a video folder. The public folder was shared by default but the video folder is the only thing I have added. It has afp and smb checked and read only attributes for everyone (including my username). When browsing with the imac to the MBP in finder I only see the public folder but if I connect with my username on the MBP I see my home folder, my root /, my time machine partition on my external drive and these are not shared. I don't see the video folder though. cmd-k smb://mycomputer/video gives the error the volume could not be mounted. So I tried cmd-k smb://mycomputer/video and voilà I get a mounted video folder but I'm able to edit and delete files as guest or as me. Any help is greatly appreciated, and apologies if I'm hijacking this thread by posting my afp issue too.

  • Performance problems with DFSN, ABE and SMB

    Hello,
    We have identified a problem with DFS-Namespace (DFSN), Access Based Enumeration (ABE) and SMB File Service.
    Currently we have two Windows Server 2008 R2 servers providing the domain-based DFSN in functional level Windows Server 2008 R2 with activated ABE.
    The DFSN servers have the most current hotfixes for DFSN and SMB installed, according to http://support.microsoft.com/kb/968429/en-us and http://support.microsoft.com/kb/2473205/en-us
    We have only one AD-site and don't use DFS-Replication.
    Servers have 2 Intel X5550 4 Core CPUs and 32 GB Ram.
    Network is a LAN.
    Our DFSN looks like this:
    \\contoso.com\home
        Contains 10.000 Links
        Drive mapping on clients to subfolder \\contoso.com\home\username
    \\contoso.com\group
        Contains 2500 Links
        Drive mapping on clients directly to \\contoso.com\group
    On \\contoso.com\group we serve different folders for teams, projects and other groups with different access permissions based on AD groups.
    We have to use ABE, so that users see only accessible Links (folders)
    We encounter sometimes multiple times a day enterprise-wide performance problems for 30 seconds when accessing our Namespaces.
    After six weeks of researching and analyzing we were able to identify the exact problem.
    Administrators create a new DFS-Link in our Namespace \\contoso.com\group with correct permissions using the following command line:
    dfsutil.exe link \\contoso.com\group\project123 \\fileserver1\share\project123
    dfsutil.exe property sd grant \\contoso.com\group\project123 CONTOSO\group-project123:RX protect replace
    This is done a few times a day.
    There is no possibility to create the folder and set the permissions in one step.
    DFSN process on our DFSN-servers create the new link and the corresponding folder in C:\DFSRoots.
    At this time, we have for example 2000+ clients having an active session to the root of the namespace \\contoso.com\group.
    Active session means a Windows Explorer opened to the mapped drive or to any subfolder.
    The file server process (Lanmanserver) sends a change notification (SMB-Protocol) to each client with an active session \\contoso.com\group.
    All the clients which were getting the notification now start to refresh the folder listing of \\contoso.com\group
    This was identified by an network trace on our DFSN-servers and different clients.
    Due to ABE the servers have to compute the folder listing for each request.
    DFS-Service on the servers doesn't respond for probably 30 seconds to any additional requests. CPU usage increases significantly over this period and went back to normal afterwards. On our hardware from about 5% to 50%.
    Users can't access all DFS-Namespaces during this time and applications using data from DFS-Namespace stop responding.
    Side effect: Windows reports on clients a slow-link detection for \\contoso.com\home, which can be offline available for users (described here for WAN-connections: http://blogs.technet.com/b/askds/archive/2011/12/14/slow-link-with-windows-7-and-dfs-namespaces.aspx)
    Problem doesn't occur when creating a link in \\contoso.com\home, because users have only a mapping to subfolders.
    Currently, the problem doesn't occur also for \\contoso.com\app, because users usually don't use Windows Explorer accessing this mapping.
    Disabling ABE reduces the DFSN freeze time, but doesn't solve the problem.
    Problem also occurs with Windows Server 2012 R2 as DFSN-server.
    There is a registry key available for clients to avoid the response to the change notification (NoRemoteChangeNotify, see http://support.microsoft.com/kb/812669/en-us)
    This might fix the problem with DFSN, but results in other problems for the users. For example, they have to press F5 for refreshing every remote directory on change.
    Is there a possibility to disable the SMB change notification on server side ?
    TIA and regards,
    Ralf Gaudes

    Hi,
    Thanks for posting in Microsoft Technet Forums.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.
    Regards.

  • What happens when the trial ends? (Audition for Mac)

    Might be a silly question - forgive me, I'm a novice.
    I just downloaded Audition for Mac - and was surprised that it's free!
    And when the public beta trial ends - do you lose all your sessions? are you given first dibs for upgrading to the new paid-for software?
    One last one - What can't you do on this version that you can do on Audition 3.0 for Windows?
    Thanks!

    AnnaMChapman wrote:
    And when the public beta trial ends - do you lose all your sessions? are you given first dibs for upgrading to the new paid-for software?
    When the public beta ends, you have to purchase a copy of the release version. You will find that the beta version suddenly won't work any more... and I would imagine that you'll get the same purchase options as everybody else. As for session loss - well you won't lose them if you purchase the software; they'll still open fine.
    One last one - What can't you do on this version that you can do on Audition 3.0 for Windows?
    That's a much more complicated question to answer - simply because we haven't made a definitive list yet, and for non-disclosure reasons I can't say anything more than Adobe has already made public. The one thing that's hacking off a lot of AA3.0 users at present is that it is confirmed that the new version won't write CDs directly, though. Also it's a matter of public knowledge that there will be no MIDI sequencing capability either, but personally I'd have that as a gain, not a loss! For a lot of Mac users though, none of this will be an issue because they never had it in the first place; therefore they can hardly miss it...

  • AFP and PDF Batch Print

    Hi,
    I have a single step batching process managing my formlist creation. In this process I execute PDF printing and AFP printing. PDF print with RULMultiFilePrint callback function.
    When executing gendata it prints my PDFs as we build it, but AFP batch doesn't run. AFP file is created but no data inside. BUT! if we execute genprint it creates the AFP as we build it.
    Any suggestions?
    this is my AFGJOB file:
    /* JDT Rules for MultiStep Processing */
    <Base Rules>
    ;RULStandardJobProc;1;Always the first job level rule;
    ;SetErrHdr;1;*:;
    ;SetErrHdr;1;*:------------------------------------------------;
    ;SetErrHdr;1;*: Documaker Data Generation (Base);
    ;SetErrHdr;1;***: Company: ***Company***;
    ;SetErrHdr;1;***: LOB: ***LOB***;
    ;SetErrHdr;1;***: Policy #: ***POLICYNUM***;
    ;SetErrHdr;1;*:------------------------------------------------;
    ;JobInit1;;;
    ;InitOvFlw;1;;
    ;InitPrint;;;
    /* Every form set in this base uses these rules. */
    <Base Form Set Rules>
    ;NoGenTrnTransactionProc;2;required to combine gentrn/gendata into single step;
    ;BuildFormList;2;;
    ;LoadRcpTbl;2;;
    ;RunSetRcpTbl;2;;
    ;LoadExtractData;2;;
    ;USEXMLExtract;2;;
    ;ResetOvFlw;2;;
    ;UpdatePOLFile;2;;
    ;PrintFormset;2;required to combine gendata/genprint into single step;
    ;WriteOutput;2;;
    ;WriteNaFile;2;;
    ;BatchingByPageCountPerRecipINI;;;
    ;BatchingByRecipINI;2;;
    ;IfRecipUsed;;BATCH1=Cliente;
    ;ProcessQueue;2;PostPaginationQueue;
    ;PaginateAndPropogate;2;;
    /* Every image in this base uses these rules. */
    <Base Image Rules>
    ;RULStandardImageProc;3;Always the first image level rule;
    /* Every field in this base uses these rules. */
    <Base Field Rules>
    ;RULStandardFieldProc;4;Always the first field level rule;

    You can accomplish what you desire in one of two ways.
    Lets keep it simple for now: create two recipients per form
    Cliente and Cliente1 where one is intended for AFP and the other intended for PDF. I am assuming you are using Documaker 11.3 or better
    Two batches would be created and the print types adjusted for each batch.
    Based on your AFGJOB the entries should be as follows.
    ;BatchingByPageCountPerRecipINI;;;
    ;BatchingByRecipINI;2;;
    You will also need a corresponding FSISYS/FSIUSER entry that routes the recipient into its own batch
    < BatchingByRecip >
    Batch_Recip_Def = TRUE;"BATCH1";CLIENTE
    Batch_Recip_Def = TRUE;"BATCH2";CLIENTE1
    DefaultBatch = ERROR
    This can be configured using the DM Studio UI.
    Where BATCH1 is PDF and BATCH2 is AFP.
    If you then need to adjust by page count, you will need to create additional batches.
    For example if
    AFP BATCH2 < 5 pages
    AFP BATCH3 > 4 pages
    There is a page count entry in the batching
    where BATCH2 1-4
    and BATCH3 5-999
    Your INI files changes should then be reflected as follows.
    < BatchingByRecip >
    Batch_Recip_Def = TRUE;"BATCH1";CLIENTE
    Batch_Recip_Def = TRUE;"BATCH2";CLIENTE1
    Batch_Recip_Def = TRUE;"BATCH3";CLIENTE1
    DefaultBatch = ERROR
    As each transaction runs through Documaker this separates the PDF from AFP through the recipient logic then the system takes out the 1-4 page count transactions into BATCH2 and the 5-999 page counts into BATCH3. Each transaction runs through this logic and once it has found its home in a batch, the system moves on.
    You can get much more creative than this with some file manipulations, but this keeps it the simplest since I am guessing that there is no need to separate the PDF generation by page count.

  • Enabled audit for firewall service

    Hi,
    Windows Firewall service is automatically stopped and disabled. I have enabled audit for success and failure for the below registry path,
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
    Please let me know which event log I should check to verify which process is disabling the firewall service.
    regards,
    Boopathi S

    Hi,
    For logs about services, you can open event viewer, then In the left pane, expand Windows Logs and then System. You can filter the logs with Filter Current Log... from the Actions pane on the right and selecting "Service Control Manager." Or, depending on what you want, you might just need to look through the Error entries.
    You can also refer to this blog and see if it helps
    http://blogs.technet.com/b/networking/archive/2011/06/14/the-windows-firewall-service-fails-to-start-registry-permissions.aspx
    Or it might be caused by any third party application\anti-virus software installed in your system
    Yolanda Zhu
    TechNet Community Support

  • Simple auditing for a folder - easier said than done!

    In an attempt to audit for success and failure on a folder on a client workstation, I'm having problems.
    I have defined within a GPO, an advanced audit configuration policy for 'Audit File System' under the 'Object Access' section of the available advanced audit nodes. I have also ensured that basic audit policies do not overwrite these events.
    I have then added the user to audit, into the SACL via the 'Auditing' tab of the specified folder, on the client workstation.
    I ran a gpupdate /force, and then ran auditpol.exe /get /category:*
    on the client computer, which successfully reported that auditing for success and failure had been configured for 'Object Access'. Defined policy settings working - great.
    I then ran auditpol.exe /get /user:<mydomain>\specifieduser  /category:"Object Access",
    which reported "No audit policy is defined for the user account".
    Is there a reason why this isn't being confirmed, despite the specified user being the only user in the SACL for audited folder? I'm running out of things to check, would really appreciate some help!
    Many thanks.

    Hi,
    The audit policy settings set via group policy are per computer but not per user. Based on the description, the audit policy settings should have been applied successfully, and we can double confirm this by check the Security logs in Event Viewer to see if corresponding events are logged when we use the account to access the folder.
    In addition, per-user auditing can be configured only from the command line.
    Regarding configuring Per-User auditing, the following article can be referred to for more information.
    Configuring Per-User Auditing
    http://windowsitpro.com/systems-management/configuring-user-auditing
    Please Note: Since the website above is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Frank Shen
