Solved

audit forMS 2008 server R2

Posted on 2013-06-02
3
362 Views
Last Modified: 2013-06-12
I wanted to know what auditing is available for MS server 2008 R2?  Lately, we've had issues with someone in our  team owning up to modifying share and ntfs permissions on a particular server and/or folders and we wanted to audit these changes.  What's available within the MS world for this challenge?  Lastly, what if we go outside MS world?
0
Comment
Question by:uppercut7141
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39215454
Unless you already have enabled any of the items found in the Local Security Policy, only the default items will be logged. Those logs are found in the security log of the event viewer.

You can open the options for Audit Policy and enable the options. After enabling them, you should see more logging occur as events happen.
0
 
LVL 5

Accepted Solution

by:
MisterTwelve earned 500 total points
ID: 39215751
Hi

Another options is SCOM and ACS. if you have SCOM in your domain is the best options, because you have reports to get information you need. Read security logs is not easy, but without SCOM is only option i know.

Take a look on this http://blogs.technet.com/b/fesiro/archive/2013/01/08/how-to-deploy-audit-collection-services-acs-in-scom-2012.aspx

Regards
0
 

Author Comment

by:uppercut7141
ID: 39219071
I'm trying to Click Start, point to Administrative Tools, and then Group Policy Management; however, there is no GROUP POLICY MANAGEMENT option when I attempt to do this on a Server 2008 R2 server.  Do I need to do something else for this option to appear?  

I just want to be able to track who modified changes on either NTFS or folder permission on a specific time.  When I attempted to go on the event log, everything is taken up...meaning all logs seem to be from today.  I can't view anything from 3 or 4 days ago which is where I'd like to begin the audit.
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question