omb
asked on
SBS 2003 file access auditing / monitoring
I would like to be able to monitor/audit the file activity of users witin an SBS 2003 network (who changes what, where and when). I know there is a monitoring feature in Windows 2003 Server which writes to the Security Log - however, I don't know much about this and whether it delivers nice reports of this info... I haven't got the time to spend lots of time going through event logs.
Is there a feature in SBS which can deliver me reports of who's doing what (in a nice readable format) on our network? If not, any recommendations of tools which I can install (would be nice if they were opensource/freeware ;O) ).
Thanks for your comments.
Is there a feature in SBS which can deliver me reports of who's doing what (in a nice readable format) on our network? If not, any recommendations of tools which I can install (would be nice if they were opensource/freeware ;O) ).
Thanks for your comments.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It won't tell you anymore information than an event in the security log (which does tell you who did what to which file and when). You can, however, set it to only monitor for these events after-hours or only on a specific server, etc.
ASKER
What I am after is a tool to analyse the Security Log so that I can query and report it i.e. which user last had access to file1 or which files has user1 last edited/accessed? Will the GFI solution help me here?
Yes. There's a tool (that comes with the package) called GFI Reporter (or something like that) where you can create custom reports based on whatever criteria you want.
Try the program out. Go to gfi.com and download a 30 day (I think) trial where you can monitor up to 3 servers.
Try the program out. Go to gfi.com and download a 30 day (I think) trial where you can monitor up to 3 servers.
bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?
No it's not that "powerfull"
It only monitors one server.
You can create custom reports but there are mostly all based on the WMI ( all these counters that you can access through the performance console )
No it's not that "powerfull"
It only monitors one server.
You can create custom reports but there are mostly all based on the WMI ( all these counters that you can access through the performance console )
ASKER
victornegri: Does GFI Event Log Monitor take all the logging info out of the Security Log and make it more readible? With this product can I easily see file access info for my fileserver (who did what to which file and when)?
bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?