Solved

File access, modification or deletion logs

Posted on 2006-11-27
7
206 Views
Last Modified: 2013-12-04
Is there a way to view a file acess history in xp or in conjunction on windows servers in an AD environment? The only thing I could find remotely close to this is the different time stamps for a files properties.

Basicly, is it logged anywhere either on an xp machine or in an active directory environment which user last viewed a file, who deleted a file, ect.
0
Comment
Question by:xDavidHx
  • 3
  • 2
  • 2
7 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 125 total points
ID: 18024318
Via the use of file auditing - but it must be turned on for you to gain the above advantages:

http://support.microsoft.com/?id=310399
0
 

Author Comment

by:xDavidHx
ID: 18024368
can you enable auditing on all objects by default or do you have to manually enable it per object after enabling it in gp?

is there an option to audit all users under the object or do you have to manually create the list of users to audit?
0
 

Author Comment

by:xDavidHx
ID: 18024461
I just enabled failure and sucess auting on my pc, did a gpupdate /force

enabled file deletion sucess auditing on my C drive for the user im logged in with, deleted a file on my C drive and im not seeing the event in my event viewer security logs
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18025781
Auditing is available only for NTSF files and folders (and printers). After you enable "Object access" auditinig in policy you sholud go to Security tab of folder (file), click Advanced button, select Auditing tab and add proper group to enable auditing. I would suggest that you do not enable auditing for large group of users (for example Everyone) on entire drive. This would generate too many entries in your Security log.
0
 

Author Comment

by:xDavidHx
ID: 18033443
Did all that, still no security log entries
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18033525
xDavidHx - did you right-click the file(s)/folder(s) you want audited and choose Security?
From there, you'll need to click the Advanced button, Auditing tab, and add the users/groups that you want to audit, along with 'what' you want to audit...
After you've added the user(s)/group(s) - you can choose what to audit there...let me know if that doesn't solve it for you...
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18034674
Does your Auditing policy apply to proper computer account? You can use "gpresult" to check or you can enable auditing of account logon, logoff, logon again and check Security log. Any entries now?
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now