Solved

Is there a way to monitor what users do with files and directories on a Windows Server 2003 R2?

Posted on 2010-11-18
6
321 Views
Last Modified: 2012-05-10
Hello all,

Im needing to use any software or procedure to log and filter what users and what they are doing with files and directories. What may I do? What software may I have to install to see what user deleted a file or renamed a directory, for example. We have a Windows Server 2003 R2 as a file server in a AD 2003 domain.
0
Comment
Question by:jeronimo1377
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 125 total points
ID: 34168855
you can add auditing. Go to the files properties click on advanced and on auditing choose what you want to audit.

In group policy go to computer settings -> windows settings->local policies->audit policis-> enable object access auditing. Dont forget to add users whom you want to monitor. If all of them go for everyone
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34168858
You can enable auditing on the file server and comb through the security logs. Or you can get a program like change auditor for file servers from Quest. There are others out there as well.


http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

http://www.scriptlogic.com/products/change-auditor/
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34168880
Now you can view object access events from event viewer
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:jeronimo1377
ID: 34169081
About the Windows Auditing log: I used that config but the Security Logs arent so practical to use because for one simple file deleted I have more than 5 entries. Another question: how may I filter all that logs? I need to find rapidly between an interval, for example: between  day 01/01/2010 and 10/01/2010 what users did to a specific directory. The Windows Auditing log isnt good to find that type of information. And our windows file server has more than 700,000 files and 20,000 directories. The log will blow up soon, hehehe.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34169114
if you want history or searching you will need to get something like change auditor
Also there is splunk and that is free. But with splunk you will still have all the logs but it will be easier to search than the windows logs.

http://www.splunk.com/
0
 
LVL 4

Assisted Solution

by:JustMy2Cents
JustMy2Cents earned 125 total points
ID: 34172082
A software solution that matches your requirements (the name is FileAudit) has recently been reviewed on TechRepublic:
http://blogs.techrepublic.com.com/networking/?p=3068

0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question