[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Require software which can moniter the file server

Posted on 2006-06-04
6
Medium Priority
?
313 Views
Last Modified: 2010-04-19
Dear Sir,

Can u pls advise me how to moniter the user's  using share folder on the SBS2000.
sir, i will very thankfull if sumbody suggest me thired part software which can moniter each user activities on the sharefolder.For eg. when did he log  on the server. how many times he used the sharedfolder. which file he open from the sharefolder. which file he has save on his Desktop from the sharefolder, which file from the sharefoler he has taken the print.

can u pls suggest me the softerware which can keep moniter of network user activties on the sharefolder on the SBS2000.
Looking for the  great soltion

Thanks
Affaque
0
Comment
Question by:affaque123
  • 2
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 16826590
Affaque

why not simply turn on auditing? then audit file/folder access - logon events etc? this funtionality is allready built into windows you just need to turn it on.

Small Business Server 2000 Getting Started Guide
Chapter 9 - System Security -auditing and monotoring
http://www.microsoft.com/technet/prodtechnol/sbs/2000/plan/guide/sbspni5i.mspx#E6HAC

Auditing and Monitoring
Auditing and monitoring are important steps that help you discover security breaches. Monitoring is the active watching of a system. Auditing follows the trail left by various logs to find out who has been accessing the system and what they have been doing.

You can use different tools that are included with Windows 2000 Server and Small Business Server 2000 to audit and monitor the network, both to see what your own users are doing and what people accessing your Web site are doing.

Watching the Outside World
It is always a good idea to keep track of who is accessing your Web site and their activities while they are there. You can audit traffic on your Web site by using IIS, which ships as part of Windows 2000 Server and Small Business Server 2000. Administrators can use security-auditing techniques to monitor a broad range of user and Web server security activity. Auditing consists of creating auditing policies for directory and file access or server events and monitoring the Security Logs to detect any access attempts by unauthorized persons.

Watching the Inside World

You sometimes have to watch what your users are doing to ensure that they are not installing software they are not supposed to use, accessing files to which they should not have access, or otherwise violating security privileges. By using Windows 2000 Server Event Logs, you can audit any of the following activities or settings:

• Account logon events
 
• Account management
 
• Directory service access
 
• Logon events
 
• Object access
 
• Policy change
 
• Privilege use
 
• Process tracking
 
• System events
 
0
 

Author Comment

by:affaque123
ID: 16826817
will it effect the performance of the server. because of log files
0
 

Author Comment

by:affaque123
ID: 16826999
pls guide me how to enable Auot log for internal user who are accessing sharefolders

Thanks
A
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 16828192
>>will it effect the performance of the server. because of log files

Logging all file access will have a performace hit - but you can disable it at a stroke if you find it unaceeptablr :)

Auditing Folder Access

To enable Auditing of access to files and folders (Microsoft call this type of auditing "Audit Object Access")
be aware of how auditing works,

You can audit a lot more in XP or Server 2003 than you could in older Operating systems (NT and 2K) but essentially
auditing will only ever flag two things,

1. <something> was successful (success)
2. <something was NOT successful (Failure)

By default all auditing on all objects is turned off (set to No Auditing)

For the following I'll assume you want to enable auditing on a folder called "Shared" on a server called "Server"
but these rules are exactly the same on a client.

Log into "Server"

1. Turn the auditing system on. Click Start  > Run > gpedit.msc {enter} NB We are in LOCAL policies here DONT define auditing in Domain policy as all your clients event viewers will fill up with junk, and it slows them down.

2. Navigate to "Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\"

3. Double click "Audit Object Access" > Tick Success and Failure > apply > OK

4. Exit the Group policy Editor

5. Navigate to the "share" Folder > right click > properties > security > advanced > auditing

6. DONT click ADD, double click in the "white-space" in the middle of the auditing window.

7. By default the "Everyone" Group is selected, leave it this way unless there is a specific group you want to audit.

8. Select the "actions" you want to audit > OK >OK >OK

Audited Events will now be displayed in the event viewer > security log
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 17 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question