?
Solved

Is there a way to monitor what users do with files and directories on a Windows Server 2003 R2?

Posted on 2010-11-18
6
Medium Priority
?
323 Views
Last Modified: 2012-05-10
Hello all,

Im needing to use any software or procedure to log and filter what users and what they are doing with files and directories. What may I do? What software may I have to install to see what user deleted a file or renamed a directory, for example. We have a Windows Server 2003 R2 as a file server in a AD 2003 domain.
0
Comment
Question by:jeronimo1377
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 500 total points
ID: 34168855
you can add auditing. Go to the files properties click on advanced and on auditing choose what you want to audit.

In group policy go to computer settings -> windows settings->local policies->audit policis-> enable object access auditing. Dont forget to add users whom you want to monitor. If all of them go for everyone
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34168858
You can enable auditing on the file server and comb through the security logs. Or you can get a program like change auditor for file servers from Quest. There are others out there as well.


http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

http://www.scriptlogic.com/products/change-auditor/
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34168880
Now you can view object access events from event viewer
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:jeronimo1377
ID: 34169081
About the Windows Auditing log: I used that config but the Security Logs arent so practical to use because for one simple file deleted I have more than 5 entries. Another question: how may I filter all that logs? I need to find rapidly between an interval, for example: between  day 01/01/2010 and 10/01/2010 what users did to a specific directory. The Windows Auditing log isnt good to find that type of information. And our windows file server has more than 700,000 files and 20,000 directories. The log will blow up soon, hehehe.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34169114
if you want history or searching you will need to get something like change auditor
Also there is splunk and that is free. But with splunk you will still have all the logs but it will be easier to search than the windows logs.

http://www.splunk.com/
0
 
LVL 4

Assisted Solution

by:JustMy2Cents
JustMy2Cents earned 500 total points
ID: 34172082
A software solution that matches your requirements (the name is FileAudit) has recently been reviewed on TechRepublic:
http://blogs.techrepublic.com.com/networking/?p=3068

0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question