Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is there a way to monitor what users do with files and directories on a Windows Server 2003 R2?

Posted on 2010-11-18
6
Medium Priority
?
325 Views
Last Modified: 2012-05-10
Hello all,

Im needing to use any software or procedure to log and filter what users and what they are doing with files and directories. What may I do? What software may I have to install to see what user deleted a file or renamed a directory, for example. We have a Windows Server 2003 R2 as a file server in a AD 2003 domain.
0
Comment
Question by:jeronimo1377
6 Comments
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 500 total points
ID: 34168855
you can add auditing. Go to the files properties click on advanced and on auditing choose what you want to audit.

In group policy go to computer settings -> windows settings->local policies->audit policis-> enable object access auditing. Dont forget to add users whom you want to monitor. If all of them go for everyone
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34168858
You can enable auditing on the file server and comb through the security logs. Or you can get a program like change auditor for file servers from Quest. There are others out there as well.


http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

http://www.scriptlogic.com/products/change-auditor/
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34168880
Now you can view object access events from event viewer
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:jeronimo1377
ID: 34169081
About the Windows Auditing log: I used that config but the Security Logs arent so practical to use because for one simple file deleted I have more than 5 entries. Another question: how may I filter all that logs? I need to find rapidly between an interval, for example: between  day 01/01/2010 and 10/01/2010 what users did to a specific directory. The Windows Auditing log isnt good to find that type of information. And our windows file server has more than 700,000 files and 20,000 directories. The log will blow up soon, hehehe.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34169114
if you want history or searching you will need to get something like change auditor
Also there is splunk and that is free. But with splunk you will still have all the logs but it will be easier to search than the windows logs.

http://www.splunk.com/
0
 
LVL 4

Assisted Solution

by:JustMy2Cents
JustMy2Cents earned 500 total points
ID: 34172082
A software solution that matches your requirements (the name is FileAudit) has recently been reviewed on TechRepublic:
http://blogs.techrepublic.com.com/networking/?p=3068

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question