Thursday, February 18, 2010

Auditing a Shared Folder

Windows 7 and Server 2008 both have the feature to audit File Share. As stated by Microsoft, "This security policy setting determines whether the operating system generates audit events when a file share is accessed." We will be using this feature as other Systems Administrators do to detect if there has been intrusion. Remember that to stop the intrusion, effective firewalls are necessary.
Follow these steps to use Audit File Share:
  1. Open Local Security Policy by clicking the Start button, typing secpol.msc into the search box, and then clicking secpol.If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. In the left pane, expand the Advanced Audit Policy Configuration folder. Expand System Audit Policies - Local Group. Double-click on Object Access.

  3. In the right pane double-click on Audit File Share.

  4. In the Audit File Share Properties window select the Configure the following events: check box. Then select the Success check box and the Failure check box to audit both successful and unsuccessful attempts to access a shared folder. Then click OK.


Unknown said...

Nice blog post, I am pleased to read this post related to auditing share folder I found file access auditing( which helps to monitor unauthorized file server accessing in a specific date and time on windows server and know who accessed all files and folders from which location by whom.

fausetjessie said...

A solution for monitoring user access to local and remote files and keeping detailed history of file operations: creating, moving, deleting, reading and writing to files. Flexible reporting capabilities, notifications, and a powerful filtering system.

smithjake said...

Thanks, it's very informative article related to track user activity. I found the good option from file access auditing solution which assists to track user activities. This tool allows me to audit access events on file/ folder and reporting of the entire File servers from a centralized location. It generates instant alerts on all the critical changes made in file servers.