How to Track When Someone Accesses a Folder on Your Computer

There is a nice little feature built into Windows that lets you track when someone views, edits, or deletes something inside a specified folder. So if there is a folder or file that you want to know who is accessing, this is the built-in method, with no third-party software required.

This feature is actually part of a Windows security feature called Group Policy, which is used by most IT professionals who manage computers on corporate networks via servers; however, it can also be used locally on a PC without any server. The only downside to using Group Policy is that it is not available in lower editions of Windows. For Windows 7, you need to have Windows 7 Professional or higher. For Windows 8, you need Pro or Enterprise.

The term Group Policy basically refers to a set of registry settings that can be controlled through a graphical user interface. You enable or disable various settings, and these edits are then written to the Windows registry.

In Windows XP, to get to the policy editor, click Start and then Run. In the text box, type "gpedit.msc" without the quotes.


In Windows 7, just click the Start button and type gpedit.msc into the search box at the bottom of the Start Menu. In Windows 8, simply go to the Start Screen and start typing, or move your mouse cursor to the top-right or bottom-right corner of the screen to open the Charms bar and click Search. Then type gpedit. You should now see the Group Policy editor window.


There are two major categories of policies: User and Computer. As you might guess, user policies control settings for each user, while computer settings are system-wide and affect all users. In our case we want the setting to apply to all users, so we will expand the Computer Configuration section.

Continue expanding to Windows Settings -> Security Settings -> Local Policies -> Audit Policy. I'm not going to explain many of the other settings here, since this is primarily focused on auditing a folder. You will now see a set of policies and their current settings on the right-hand side. The audit policy is what controls whether the operating system is configured and ready to track changes.


Now check the setting for Audit Object Access by double-clicking it and selecting both Success and Failure. Click OK, and we are done with the first part, which tells Windows that we want it to be ready to monitor changes. The next step is to tell it EXACTLY what we want to track. You can now close Group Policy.

Now navigate in Windows Explorer to the folder that you would like to monitor. In Explorer, right-click the folder and click Properties. Click the Security tab.


Now click the Advanced button and click the Auditing tab. This is where we will actually configure what we want to monitor for this folder.


Go ahead and click the Add button. A dialog will appear asking you to select a User or Group. In the box, type the word "users" and click Check Names. The box will automatically update with the name of the local users group for your computer in the form COMPUTERNAME\Users.


Click OK and you will now get another dialog called "Audit Entry for X". This is the real meat of what we have been wanting to do. Here is where you select what you want to watch for on this folder. You can individually choose which types of activity you want to track, such as deleting or creating new files/folders, etc., or select Full Control. Do this for both Success and Failure. This way, whatever is done to that folder or the files within it, you will have a record.


Now click OK, then OK again, and OK one more time to get out of the multiple dialog boxes. You have now successfully configured auditing on a folder! So you might ask, how do you view the events?

To view the events, you need to go to the Control Panel and click Administrative Tools. Then open the Event Viewer. Click the Security section and you will see a list of events on the right-hand side.


If you go ahead and create a file, or simply open the folder, and click the Refresh button in Event Viewer (the button with the two green arrows), you will see a bunch of events in the File System category. These pertain to any delete, create, read, and write operations on the folders/files you are auditing. In Windows 7, everything now shows up under the File System task category, so to see what happened you have to click on each one and scroll through it.

To make it easier to look through so many events, you can apply a filter and see only the important ones. Click the View menu at the top and click Filter. If there is no Filter option, right-click the Security log in the left-hand pane and choose Filter Current Log. In the Event ID box, type the number 4656. This is the event associated with a particular user performing a File System action, and it will give you the relevant information without having to look through thousands of entries.


If you want to get more information about an event, simply double-click it to view it.


This is the information shown for the event:

A handle to an object was requested.

Subject:
Security ID: Aseem-Lenovo\Aseem
Account Name: Aseem
Account Domain: Aseem-Lenovo
Logon ID: 0x175a1

Object:
Object Server: Security
Object Type: File
Object Name: C:\Users\Aseem\Desktop\Tufu\New Text Document.txt
Handle ID: 0x16a0

Process Information:
Process ID: 0x820
Process Name: C:\Windows\explorer.exe

Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
SYNCHRONIZE
ReadAttributes

In the example above, the file worked on was New Text Document.txt in the Tufu folder on my desktop, and the accesses I requested were DELETE followed by SYNCHRONIZE. What I did here was delete the file. Here is another example:

Object Type: File
Object Name: C:\Users\Aseem\Desktop\Tufu\Address Labels.docx
Handle ID: 0x178

Process Information:
Process ID: 0x1008
Process Name: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
ReadEA
WriteEA
ReadAttributes
WriteAttributes

Access Reasons: READ_CONTROL: Granted by Ownership
SYNCHRONIZE: Granted by D:(A;ID;FA;;;S-1-5-21-597862309-2018615179-2090787082-1000)

Reading this, you can see that I accessed Address Labels.docx using the WINWORD.EXE program, that my accesses included READ_CONTROL, and that my access reasons were also READ_CONTROL. Usually you will see a bunch more accesses, but just focus on the first one, as that is usually the main type of access. In this case, I simply opened the file using Word. It takes a little testing and reading through the events to understand what is going on, but once you have it down, it is a pretty reliable system. I suggest creating a test folder with files and performing various actions to see what shows up in the Event Viewer.
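
The same setup can also be scripted. The following is an added example, not part of the original article: it assumes Windows 7 or later with English-language names, an elevated PowerShell prompt, and a hypothetical test folder C:\AuditTest. It uses the auditpol "File System" subcategory in place of the gpedit.msc setting, adds the audit entry to the folder, and then lists the 4656 events for that folder with the first access decoded.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# $Folder is a hypothetical test folder; "File System" assumes English-language Windows.
$Folder = 'C:\AuditTest'

# 1. Turn on success and failure auditing for file system objects
#    (command-line counterpart of enabling "Audit object access" in gpedit.msc).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add the audit entry to the folder: local Users group (well-known SID S-1-5-32-545),
#    Full Control, Success and Failure, inherited by subfolders and files.
$users = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$rule  = New-Object System.Security.AccessControl.FileSystemAuditRule(
             $users, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Read Event ID 4656 from the Security log and keep only file events under $Folder.
#    The raw event stores each access as a message code; these are the ones shown above.
$accessNames = @{
    '%%1537' = 'DELETE';         '%%1538' = 'READ_CONTROL'; '%%1541' = 'SYNCHRONIZE'
    '%%4416' = 'ReadData';       '%%4417' = 'WriteData';    '%%4418' = 'AppendData'
    '%%4419' = 'ReadEA';         '%%4420' = 'WriteEA'
    '%%4423' = 'ReadAttributes'; '%%4424' = 'WriteAttributes'
}
$filter = @{ LogName = 'Security'; Id = 4656 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 1000 -ErrorAction SilentlyContinue |
ForEach-Object {
    $evt = $_; $data = @{}
    foreach ($field in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$field.Name] = $field.'#text'
    }
    $name = [string]$data['ObjectName']
    if ($data['ObjectType'] -eq 'File' -and
        $name.StartsWith($Folder, [System.StringComparison]::OrdinalIgnoreCase)) {
        # Decode the access list; codes not in the table are left as they are.
        $accesses = $data['AccessList'] -split '\s+' | Where-Object { $_ } | ForEach-Object {
            if ($accessNames.ContainsKey($_)) { $accessNames[$_] } else { $_ }
        }
        New-Object psobject -Property @{
            Time     = $evt.TimeCreated
            User     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Process  = $data['ProcessName']
            Object   = $name
            First    = @($accesses)[0]
            Accesses = $accesses -join ', '
        }
    }
} | Select-Object Time, User, Process, Object, First, Accesses | Format-List
```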

That's pretty much it! A quick and free way to track access or changes to a folder!


