Auditing Security Events

I want to set auditing on only one Shared folder on a server that holds home folders for users and a shared department data folder. I want to capture folder moves, creations, deletions and security changes to the folders using the built in auditing features of Windows 2003. I know that this can potentially make my security event logs get very big.

Does anyone have suggestions or recommendation on how to do this?
Y2KBDSAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
KCTSConnect With a Mentor Commented:
First you need to go to the Local Security Policy and go to the Audit Policy and enable the auditiong of Object Access (as you only want to record whrn something has happend just select "success"

Then on the folder go to Security->Advanced and select the auditing tab. Add the group(s) you want to monitor (or use Everyone), and then specify the events to be logged.
0
 
netskyb0Commented:
Standard procedure:

Open GP Management on your server and in computer security policy you have to enable "object auditing" then right click the folder you interested in auditing and go to properties, then click "security", advanced and "auditing" then create policy for auditing for users, actions and so on.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.