Solved

Is there a way to monitor what users do with files and directories on a Windows Server 2003 R2?

Posted on 2010-11-18
6
317 Views
Last Modified: 2012-05-10
Hello all,

Im needing to use any software or procedure to log and filter what users and what they are doing with files and directories. What may I do? What software may I have to install to see what user deleted a file or renamed a directory, for example. We have a Windows Server 2003 R2 as a file server in a AD 2003 domain.
0
Comment
Question by:jeronimo1377
6 Comments
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 125 total points
ID: 34168855
you can add auditing. Go to the files properties click on advanced and on auditing choose what you want to audit.

In group policy go to computer settings -> windows settings->local policies->audit policis-> enable object access auditing. Dont forget to add users whom you want to monitor. If all of them go for everyone
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34168858
You can enable auditing on the file server and comb through the security logs. Or you can get a program like change auditor for file servers from Quest. There are others out there as well.


http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

http://www.scriptlogic.com/products/change-auditor/
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34168880
Now you can view object access events from event viewer
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:jeronimo1377
ID: 34169081
About the Windows Auditing log: I used that config but the Security Logs arent so practical to use because for one simple file deleted I have more than 5 entries. Another question: how may I filter all that logs? I need to find rapidly between an interval, for example: between  day 01/01/2010 and 10/01/2010 what users did to a specific directory. The Windows Auditing log isnt good to find that type of information. And our windows file server has more than 700,000 files and 20,000 directories. The log will blow up soon, hehehe.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34169114
if you want history or searching you will need to get something like change auditor
Also there is splunk and that is free. But with splunk you will still have all the logs but it will be easier to search than the windows logs.

http://www.splunk.com/
0
 
LVL 4

Assisted Solution

by:JustMy2Cents
JustMy2Cents earned 125 total points
ID: 34172082
A software solution that matches your requirements (the name is FileAudit) has recently been reviewed on TechRepublic:
http://blogs.techrepublic.com.com/networking/?p=3068

0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question