Solved

Tracking User File Access and Activity in Active Directory

Posted on 2007-11-30
5
3,318 Views
Last Modified: 2013-12-04
I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.  I'm running a combination of Windows 2000 and 2003 servers and Windows XP Pro clients in an Acitve Directory environment.  Is there some policy I can set up to log this specific informaiton?  If so, how would that be set up?  Or, is there some third party software I need to get?  
0
Comment
Question by:Tenrags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 20385769
> I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.

basically, if you only use built-in functionalities of MS OSes, you need to enable security audit on the servers (where the files are from) and the client computers (where the files to be copied to). commonly you should audit a few security-sensitive resources only, not all resources on servers and client computers, as it will generate huge logs in system events, and probably reduce performance.

to enable security audit, run GPEDIT.MSC at command prompt to enter Group Policy MMC, under Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, choose the event types to be audit.

to audit a specific file or folder, go to Windows Explorer, right-click the file/folder name, choose Properties | Security | Advanced | Auditing, add the items to be audited.

for more information regarding security audit on Windows, please read the following MS official article.

How to enable and apply security auditing in Windows 2000
http://support.microsoft.com/kb/300549

hope it helps,
bbao
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20394720
0
 

Author Comment

by:Tenrags
ID: 20404678
Thanks.  It looks as if this only logs success/failure of object access.  Anything out there that would tell me if the files/folders were copied and possibly where they were copied to?
0
 
LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 20406615
> if the files/folders were copied

in server side logs

> and possibly where they were copied to

in client side logs
0
 

Author Comment

by:Tenrags
ID: 20411358
Thanks bbao.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DSRM password 5 42
Powershell script for inactive computer accounts 3 25
DNS server pulling non-authorative answer 3 34
Windows 2012 R2 DFS Replication 12 47
In-place Upgrading Dirsync to Azure AD Connect
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question