Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Tracking User File Access and Activity in Active Directory

Posted on 2007-11-30
5
Medium Priority
?
3,327 Views
Last Modified: 2013-12-04
I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.  I'm running a combination of Windows 2000 and 2003 servers and Windows XP Pro clients in an Acitve Directory environment.  Is there some policy I can set up to log this specific informaiton?  If so, how would that be set up?  Or, is there some third party software I need to get?  
0
Comment
Question by:Tenrags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 20385769
> I need to be able to track user's acess to files and determine whether or not they copy the files to another PC or media, etc.

basically, if you only use built-in functionalities of MS OSes, you need to enable security audit on the servers (where the files are from) and the client computers (where the files to be copied to). commonly you should audit a few security-sensitive resources only, not all resources on servers and client computers, as it will generate huge logs in system events, and probably reduce performance.

to enable security audit, run GPEDIT.MSC at command prompt to enter Group Policy MMC, under Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, choose the event types to be audit.

to audit a specific file or folder, go to Windows Explorer, right-click the file/folder name, choose Properties | Security | Advanced | Auditing, add the items to be audited.

for more information regarding security audit on Windows, please read the following MS official article.

How to enable and apply security auditing in Windows 2000
http://support.microsoft.com/kb/300549

hope it helps,
bbao
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20394720
0
 

Author Comment

by:Tenrags
ID: 20404678
Thanks.  It looks as if this only logs success/failure of object access.  Anything out there that would tell me if the files/folders were copied and possibly where they were copied to?
0
 
LVL 37

Accepted Solution

by:
bbao earned 750 total points
ID: 20406615
> if the files/folders were copied

in server side logs

> and possibly where they were copied to

in client side logs
0
 

Author Comment

by:Tenrags
ID: 20411358
Thanks bbao.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question