Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 328
  • Last Modified:

Is there a way to monitor what users do with files and directories on a Windows Server 2003 R2?

Hello all,

Im needing to use any software or procedure to log and filter what users and what they are doing with files and directories. What may I do? What software may I have to install to see what user deleted a file or renamed a directory, for example. We have a Windows Server 2003 R2 as a file server in a AD 2003 domain.
0
jeronimo1377
Asked:
jeronimo1377
4 Solutions
 
moon_blue69Commented:
you can add auditing. Go to the files properties click on advanced and on auditing choose what you want to audit.

In group policy go to computer settings -> windows settings->local policies->audit policis-> enable object access auditing. Dont forget to add users whom you want to monitor. If all of them go for everyone
0
 
KenMcFCommented:
You can enable auditing on the file server and comb through the security logs. Or you can get a program like change auditor for file servers from Quest. There are others out there as well.


http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

http://www.scriptlogic.com/products/change-auditor/
0
 
moon_blue69Commented:
Now you can view object access events from event viewer
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
jeronimo1377Author Commented:
About the Windows Auditing log: I used that config but the Security Logs arent so practical to use because for one simple file deleted I have more than 5 entries. Another question: how may I filter all that logs? I need to find rapidly between an interval, for example: between  day 01/01/2010 and 10/01/2010 what users did to a specific directory. The Windows Auditing log isnt good to find that type of information. And our windows file server has more than 700,000 files and 20,000 directories. The log will blow up soon, hehehe.
0
 
KenMcFCommented:
if you want history or searching you will need to get something like change auditor
Also there is splunk and that is free. But with splunk you will still have all the logs but it will be easier to search than the windows logs.

http://www.splunk.com/
0
 
JustMy2CentsCommented:
A software solution that matches your requirements (the name is FileAudit) has recently been reviewed on TechRepublic:
http://blogs.techrepublic.com.com/networking/?p=3068

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now