Event Details
EventID 258 - Failed local folder access (NTFS permissions).
 Sample:
Event Type:     FailureAudit
Event Source:   Quest File Access Audit Source
Event Category: Local Access
Event ID:       258
Date:           10/28/2009
Time:           10:27:58
User:           RESEARCH\Alebovsky
Computer:       SERVER
Description:    
Failed access (NTFS permissions): 

	Primary User Name: ALebovsky 

	Primary User Domain: RESEARCH 

	Client User Name:  

	Client User Domain:  

	User Logon ID: (0x0,0x43A4F) 

	Process: C:\WINDOWS\explorer.exe 

	Object Type: File 

	Object Path: C:\documents\Log.txt 

	Requested Privileges: Read 

	Transaction ID:  

	Shadow Copy:  
Log Type: Windows Event Log
Uniquely Identified By:
Log Name: Quest File Access Audit

| Filtering Field | Equals to Value |
|---|---|
| Category | ITFA:Local Access |
| Source | Quest File Access Audit Source |
| EventId | 258 |
| Expression | RemoveCR(String20) in ('Folder') |
Field Matching

| Field | Description | Stored in | Sample Value |
|---|---|---|---|
| When | At what date and time a user activity originated in the system. | DateTime | |
| Who | Account or user name under which the activity occurred. | Primary User Name | ALebovsky |
| What | The type of activity that occurred (e.g. Logon, Password Changed, etc.) | "Failed Folder Access (NTFS Permissions)" | Failed Folder Access (NTFS Permissions) |
| Where | The name of the workstation/server where the activity was logged. | Computer | |
| Where From | The name of the workstation/server where the activity was initiated from. | Computer | DC1 |
| Severity | Specify the seriousness of the event. | "High" | High |
| WhoDomain | - | | |
| WhereDomain | - | | |
| Result | Successful or Failed | "Failed" | Failed |
| Object Name | | Object Path | C:\documents\Log.txt |
| Object Type | | Object Type | File |
| Whom | - | | |
| Access Type | | Category | AttestationReview |
| Failure Type | | "NTFS permissions" | NTFS permissions |