Audit file/folders for changes on server 2008 r2

I have found some information regarding file/folder auditing and have come up short.

I want to audit a specific folder on our network for files and folders that have been moved or deleted. The guides that I have looked at tell me to go to administrative tools > local security policy > expand local policies > select audit policy. The option to enable any of the sections is greyed out.
I would need to know how to fix this.


I also need to know how to setup auditing for a certain group - lets say the group is sales or marketing or administrators. When a user who is part of this group(s) moves a file/folder or deletes a file/folder where is the information stored - which log is it and how do I view it so that it makes sense?

Any help would be appreciated.

Thanks

 local policy
jchongers71Asked:
Who is Participating?
 
RobSampsonCommented:
If your Default Domain Contollers policy is setting it to No Auditing, you will need to get it changed to what you need.  If the Domain Controllers policy is in effect, does that mean you want to set up auditing *on* a domain controller? I'm not sure of the impact auditing would have on a domain controller, but you won't want to consume too many system resources on it....

There's more information here:
http://technet.microsoft.com/en-us/library/cc771395(WS.10).aspx

Regards,

Rob.
0
 
RobSampsonCommented:
Hi, if it's greyed out, I would suspect you have some domain policy that's preventing it from being enabled.  Run RSOP.msc and see what might be affecting those settings.

Also, see here for information on auditing:
http://technet.microsoft.com/en-us/library/dd277403.aspx

There's a section three quarters of the way down that is titled
Enabling and editing Audit on Files and Folders

and it shows adding auditing for specific groups or users.

Regards,

Rob.
0
 
jchongers71Author Commented:
Thanks for the info and link. However the information is for server 2000, I am using 2008 r2.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
jchongers71Author Commented:
Also, when I run RSOP.msc the settings are also greyed out on those screens as well. Is this normal?
0
 
David Johnson, CD, MVPOwnerCommented:
rsop is the result of the policy it does not allow you to change things..
0
 
RobSampsonCommented:
RSOP won't allow you to change things, but you should see which domain policy has affected the settings.  It should say which policy has configured it....
0
 
jchongers71Author Commented:
I believe what I need to change is Audit Object Access - According to RSOP Audit object access is set to No auditing, Source GPO = Default Domain Controllers Policy.

whats the next step?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.