Solved

Tracking User File Access and Activity in Active Directory

Posted on 2007-11-30
5
3,320 Views
Last Modified: 2013-12-04
I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.  I'm running a combination of Windows 2000 and 2003 servers and Windows XP Pro clients in an Acitve Directory environment.  Is there some policy I can set up to log this specific informaiton?  If so, how would that be set up?  Or, is there some third party software I need to get?  
0
Comment
Question by:Tenrags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 20385769
> I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.

basically, if you only use built-in functionalities of MS OSes, you need to enable security audit on the servers (where the files are from) and the client computers (where the files to be copied to). commonly you should audit a few security-sensitive resources only, not all resources on servers and client computers, as it will generate huge logs in system events, and probably reduce performance.

to enable security audit, run GPEDIT.MSC at command prompt to enter Group Policy MMC, under Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, choose the event types to be audit.

to audit a specific file or folder, go to Windows Explorer, right-click the file/folder name, choose Properties | Security | Advanced | Auditing, add the items to be audited.

for more information regarding security audit on Windows, please read the following MS official article.

How to enable and apply security auditing in Windows 2000
http://support.microsoft.com/kb/300549

hope it helps,
bbao
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20394720
0
 

Author Comment

by:Tenrags
ID: 20404678
Thanks.  It looks as if this only logs success/failure of object access.  Anything out there that would tell me if the files/folders were copied and possibly where they were copied to?
0
 
LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 20406615
> if the files/folders were copied

in server side logs

> and possibly where they were copied to

in client side logs
0
 

Author Comment

by:Tenrags
ID: 20411358
Thanks bbao.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A hard and fast method for reducing Active Directory Administrators members.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question