Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

File access, modification or deletion logs

Is there a way to view a file acess history in xp or in conjunction on windows servers in an AD environment? The only thing I could find remotely close to this is the different time stamps for a files properties.

Basicly, is it logged anywhere either on an xp machine or in an active directory environment which user last viewed a file, who deleted a file, ect.
0
xDavidHx
Asked:
xDavidHx
  • 3
  • 2
  • 2
1 Solution
 
sirbountyCommented:
Via the use of file auditing - but it must be turned on for you to gain the above advantages:

http://support.microsoft.com/?id=310399
0
 
xDavidHxAuthor Commented:
can you enable auditing on all objects by default or do you have to manually enable it per object after enabling it in gp?

is there an option to audit all users under the object or do you have to manually create the list of users to audit?
0
 
xDavidHxAuthor Commented:
I just enabled failure and sucess auting on my pc, did a gpupdate /force

enabled file deletion sucess auditing on my C drive for the user im logged in with, deleted a file on my C drive and im not seeing the event in my event viewer security logs
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Toni UranjekConsultant/TrainerCommented:
Auditing is available only for NTSF files and folders (and printers). After you enable "Object access" auditinig in policy you sholud go to Security tab of folder (file), click Advanced button, select Auditing tab and add proper group to enable auditing. I would suggest that you do not enable auditing for large group of users (for example Everyone) on entire drive. This would generate too many entries in your Security log.
0
 
xDavidHxAuthor Commented:
Did all that, still no security log entries
0
 
sirbountyCommented:
xDavidHx - did you right-click the file(s)/folder(s) you want audited and choose Security?
From there, you'll need to click the Advanced button, Auditing tab, and add the users/groups that you want to audit, along with 'what' you want to audit...
After you've added the user(s)/group(s) - you can choose what to audit there...let me know if that doesn't solve it for you...
0
 
Toni UranjekConsultant/TrainerCommented:
Does your Auditing policy apply to proper computer account? You can use "gpresult" to check or you can enable auditing of account logon, logoff, logon again and check Security log. Any entries now?
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now