Solved

Tracking User File Access and Activity in Active Directory

Posted on 2007-11-30
5
3,311 Views
Last Modified: 2013-12-04
I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.  I'm running a combination of Windows 2000 and 2003 servers and Windows XP Pro clients in an Acitve Directory environment.  Is there some policy I can set up to log this specific informaiton?  If so, how would that be set up?  Or, is there some third party software I need to get?  
0
Comment
Question by:Tenrags
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 20385769
> I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.

basically, if you only use built-in functionalities of MS OSes, you need to enable security audit on the servers (where the files are from) and the client computers (where the files to be copied to). commonly you should audit a few security-sensitive resources only, not all resources on servers and client computers, as it will generate huge logs in system events, and probably reduce performance.

to enable security audit, run GPEDIT.MSC at command prompt to enter Group Policy MMC, under Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, choose the event types to be audit.

to audit a specific file or folder, go to Windows Explorer, right-click the file/folder name, choose Properties | Security | Advanced | Auditing, add the items to be audited.

for more information regarding security audit on Windows, please read the following MS official article.

How to enable and apply security auditing in Windows 2000
http://support.microsoft.com/kb/300549

hope it helps,
bbao
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20394720
0
 

Author Comment

by:Tenrags
ID: 20404678
Thanks.  It looks as if this only logs success/failure of object access.  Anything out there that would tell me if the files/folders were copied and possibly where they were copied to?
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 250 total points
ID: 20406615
> if the files/folders were copied

in server side logs

> and possibly where they were copied to

in client side logs
0
 

Author Comment

by:Tenrags
ID: 20411358
Thanks bbao.
0

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now