How to log security events for file access on Windows 2008 R2 file server

hi, i want to look at events in the eventviewer of a Windows 2008 R2 file server to see whether users have authenticated successfully to access shares.
I do not intend to turn on auditing for files/folders. can someone please advise what events i should be looking for?
thanks
FphcareAdminsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

HighTemplar56Commented:
why are you against auditing? that is your only option.
0
FphcareAdminsAuthor Commented:
i am hoping there is someway i can atleast know which users attempted to access any share on the server. auditing would add too much overhead on our file server
0
vmaganCommented:
the only way possible is by turning on file auditing, which is also very handy. not sure why you dont want to use this, you can also filter it so that you will only see that specific audit and the event log wont be over saturated with junk that you dont want to see.
seems like you know how to use file auditing but if not see link below.

http://www.techrepublic.com/article/step-by-step-how-to-audit-file-and-folder-access-to-improve-windows-2000-pro-security/5034308

and you can also use a script to monitor the event logs, see links below:

You can use a script.  See these articles for examples:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0816.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/sept05/hey0913.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1026.mspx 

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

FphcareAdminsAuthor Commented:
thanks vgagan. but i was wondering if i can do it against user attempts for any share without using auditing.
0
vmaganCommented:
here is something else i found online which is not free but you might be able to get what you need just by doing a 30 day trial:

http://www.manageengine.com/products/active-directory-audit/windows-file-server-auditing.html?ADAPID=1111&kw=auditing%20file%20server&adId=6057247247&gclid=CKrvvZOU9acCFUOo4AodsFdOwQ
0
FphcareAdminsAuthor Commented:
it looks good, but i wanted to rely entirely on microsoft tools if possible
0
vmaganCommented:
i dont believe there is another way around it without enableing auditing. hey, you at least get 30 days free. lol
0
HighTemplar56Commented:
fphcareadmins,

please think about enabling auditing since that is the only realistic solution.  auditing object access is fairly simple. find a alternate solution is almost like reinventing the wheel.
0
vmaganCommented:
Well put high, your looking for a solution when you have a great one ready for use.
0
vmaganCommented:
Did you ever get this to work?
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
vmagan2011Commented:
why can't points be awarded? There was no response from, author and solution was given to him. He just didnt want to accept the reality in the solution.
0
ModalotEE ModeratorCommented:
Following an Objection by vmagan2011, and after Moderator review, there seems to be a better  disposition, as recommended by the contributing Expert(s).

Modalot
Community Support Moderator
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.