Audit file/folders for changes on server 2008 r2
I have found some information regarding file/folder auditing and have come up short.
I want to audit a specific folder on our network for files and folders that have been moved or deleted. The guides that I have looked at tell me to go to administrative tools > local security policy > expand local policies > select audit policy. The option to enable any of the sections is greyed out.
I would need to know how to fix this.
I also need to know how to setup auditing for a certain group - lets say the group is sales or marketing or administrators. When a user who is part of this group(s) moves a file/folder or deletes a file/folder where is the information stored - which log is it and how do I view it so that it makes sense?
Any help would be appreciated.
Thanks
I want to audit a specific folder on our network for files and folders that have been moved or deleted. The guides that I have looked at tell me to go to administrative tools > local security policy > expand local policies > select audit policy. The option to enable any of the sections is greyed out.
I would need to know how to fix this.
I also need to know how to setup auditing for a certain group - lets say the group is sales or marketing or administrators. When a user who is part of this group(s) moves a file/folder or deletes a file/folder where is the information stored - which log is it and how do I view it so that it makes sense?
Any help would be appreciated.
Thanks
Last Comment
ASKER
Thanks for the info and link. However the information is for server 2000, I am using 2008 r2.
ASKER
Also, when I run RSOP.msc the settings are also greyed out on those screens as well. Is this normal?
rsop is the result of the policy it does not allow you to change things..
RSOP won't allow you to change things, but you should see which domain policy has affected the settings. It should say which policy has configured it....
ASKER
I believe what I need to change is Audit Object Access - According to RSOP Audit object access is set to No auditing, Source GPO = Default Domain Controllers Policy.
whats the next step?
whats the next step?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Also, see here for information on auditing:
http://technet.microsoft.com/en-us/library/dd277403.aspx
There's a section three quarters of the way down that is titled
Enabling and editing Audit on Files and Folders
and it shows adding auditing for specific groups or users.
Regards,
Rob.