Windows 2003 Server File Access Auditing

Hello experts, I would like to set up auditing on a few specific files. I was wondering if someone would be willing to walk me through this process. The server I would like to configure is an active directory domain server, serving approximately 50 users. Thank you in advance.
jtgraphicAsked:
 
star_trekCommented:
I tested the script and it is working for me. Maybe you need to add this before the objEmail.From:

objEmail.Sender="brucec@msivt.com"
0

 
jtgraphicAuthor Commented:
Is there a way to have the log emailed to me on a regular basis automatically from the server?
0
 
star_trekCommented:
Okay, maybe you can do this: you can set up the log parser and save the output as a CSV or a graph. It can be scheduled to run daily or weekly. Then you can have another script, scheduled to run regularly, that will email you the log files.

0
 
jtgraphicAuthor Commented:
How do I save it as a graph?
0
 
jtgraphicAuthor Commented:
Also, the log is filling at a very fast pace and is not recording only the file I specified but all access.
0
 
star_trekCommented:
Script to email the audit logs. You can change this script to your requirements:

Ex: strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")


Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where" _
    & " Logfile = 'Security' and Type = 'audit success'",,48)


On Error Resume Next
For Each objItem in colLoggedEvents
 Set objEmail = CreateObject("CDO.Message")
 objEmail.From = "Security_Failure"
 objEmail.To = "t...@test.com"
 objEmail.Subject = "Security Failure For (" & "Libgonas02" & ")"
 objEmail.Textbody = objItem.Message
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserver") =  "10.32.81.80"
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
 objEmail.Configuration.Fields.Update
 objEmail.Send
 Next

=============================================================

Log parser is a tool that will save the event logs in text or graphical format. You need to install it on the machine. For more info on it:
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
http://www.logparser.com/
0
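Added example, not part of the original thread or either poster's code: a daily digest variant of the script above that narrows the query to the last 24 hours of object-open events and mails one message containing only the entries that name a single watched file. The file path, addresses and SMTP host are placeholders, and the filter assumes event ID 560 (Object Open), which is what Windows Server 2003 writes for audited file access.

```vbscript
' Added example, not from the thread. Values marked ASSUMPTION are placeholders.
Option Explicit
Const WATCHED_FILE = "D:\Shares\Finance\payroll.xls"   ' ASSUMPTION: the audited file
Const SMTP_SERVER  = "mail.example.com"                ' ASSUMPTION: SMTP relay
Const MAIL_FROM    = "audit@example.com"               ' ASSUMPTION: sender address
Const MAIL_TO      = "admin@example.com"               ' ASSUMPTION: recipient
Const CDO_NS = "http://schemas.microsoft.com/cdo/configuration/"

Dim objSince, objWMI, colEvents, objEvent, objEmail, strBody, intHits

' Look back 24 hours only, so a daily scheduled run does not resend old events.
Set objSince = CreateObject("WbemScripting.SWbemDateTime")
objSince.SetVarDate DateAdd("h", -24, Now), True

Set objWMI = GetObject( _
    "winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Filter in WQL on event 560 (Object Open on Windows Server 2003) so logon,
' privilege-use and other Security events never reach the script.
Set colEvents = objWMI.ExecQuery( _
    "Select * from Win32_NTLogEvent Where Logfile = 'Security'" & _
    " And EventCode = 560 And TimeGenerated >= '" & objSince.Value & "'", , 48)

intHits = 0
For Each objEvent In colEvents
    ' Keep only events whose description names the watched file.
    If InStr(1, objEvent.Message, WATCHED_FILE, vbTextCompare) > 0 Then
        intHits = intHits + 1
        strBody = strBody & objEvent.TimeGenerated & "  " & objEvent.User & _
                  vbCrLf & objEvent.Message & vbCrLf & String(60, "-") & vbCrLf
    End If
Next

If intHits = 0 Then WScript.Quit 0   ' nothing to report, send no mail

' One digest message instead of one message per event.
Set objEmail = CreateObject("CDO.Message")
objEmail.Sender = MAIL_FROM
objEmail.From = MAIL_FROM
objEmail.To = MAIL_TO
objEmail.Subject = intHits & " access event(s) for " & WATCHED_FILE
objEmail.TextBody = strBody
With objEmail.Configuration.Fields
    .Item(CDO_NS & "sendusing") = 2        ' 2 = send over the network via SMTP
    .Item(CDO_NS & "smtpserver") = SMTP_SERVER
    .Item(CDO_NS & "smtpserverport") = 25
    .Update
End With
objEmail.Send
```

Because it does not use On Error Resume Next, a failed WMI query or SMTP send stops the script with an error instead of silently sending nothing.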
 
jtgraphicAuthor Commented:
What does the first line Ex: strComputer = "." do? It is generating an error on execution.
0
 
star_trekCommented:
That is the computer name from which you are trying to get the logs.
0
 
jtgraphicAuthor Commented:
I cannot get the script to email. What am I missing from the equation?
strComputer = "10.150.199.174"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")


Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where" _
    & " Logfile = 'Security' and Type = 'audit success'",,48)


On Error Resume Next
For Each objItem in colLoggedEvents
 Set objEmail = CreateObject("CDO.Message")
 objEmail.From = "Security_Failure"
 objEmail.To = "brucec@msivt.com"
 objEmail.Subject = "Security Failure For (" & "Libgonas02" & ")"
 objEmail.Textbody = objItem.Message
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserver") =  "mail.msivt.com"
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
 objEmail.Configuration.Fields.Update
 objEmail.Send
 Next
0
 
jtgraphicAuthor Commented:
That was the key, Thank you very much!
0
 
star_trekCommented:
Glad to help!!
0
Question has a verified solution.
