Solved

Audit folder access

Posted on 2013-11-26
Medium Priority
677 Views
Last Modified: 2014-08-02
Hi
I would like advice on how to audit our corporate network directory.

The folders are many at root and deep. There are different permissions for users set at different levels.

I need to audit this information.

I would like to run a report that presents who has access at all the folders in all the levels.

So I can see the folders, and the users permitted to use these.

Any non-scripted advice appreciated. The file and print server is Server 2008 R2.

TA

AJ
0
Question by:Ancients
4 Comments
 
LVL 1

Accepted Solution

by:
Sum Wum earned 501 total points
ID: 39679942
0
 
LVL 41

Assisted Solution

by:Mahesh
Mahesh earned 501 total points
ID: 39680050
First, you need to add the file server to a separate OU and apply a new GPO on this OU specifying "Audit object access" for success and failure in the audit policy section of the GPO under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

Also, you need to enable auditing on the root folder of all shares through NTFS advanced permissions, for all users or for selected users or groups.
Check the link below for the same:
http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access

Since this is a 2008 R2 file server, you can also install the "File Server Resource Manager" (FSRM) role and enable auditing there as well for best results. There you can also configure reports as required.
Check the links below for more info:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/29d41e87-4055-4d71-b13c-3786385dee5a/auditing-info-needed?forum=winservergen
http://4sysops.com/archives/file-server-resource-manager-fsrm-part-5-storage-reports/

Alternatively, you can use the tool below for reporting:
http://www.netwrix.com/file_server_reporting.html

Do not forget to set the security event log size on the file servers so that logs will not be overwritten immediately. You can schedule a script to back up and clear security events on the file server if required.

Hope that helps
Mahesh
0
 
LVL 1

Author Comment

by:Ancients
ID: 39680438
Thanks all.

I will check these out. Though vest I checked the vid out. It was more about change logging rather than helping me identify who has what access at various levels.
0
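A listing of who holds which permission at each folder level is a different task from access auditing. One way to produce it with built-in cmdlets, as an added example that is not part of the original thread: the root path and the report path are assumptions, and the script only reads ACLs.

```powershell
# Added example. Written for Windows PowerShell 2.0 (the Server 2008 R2 default).
# Both paths are assumptions; adjust them before use.
$Root   = 'D:\Shares\Corporate'           # hypothetical top of the tree
$Report = 'C:\Temp\folder-acl-report.csv' # hypothetical output file

# The root folder itself plus every subfolder; unreadable paths are collected
# in $unreadable instead of stopping the run.
$folders = @(Get-Item -Path $Root) +
           @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue `
                 -ErrorVariable unreadable | Where-Object { $_.PSIsContainer })
$rootPath = $folders[0].FullName

$rows = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        # Below the root, inherited entries only repeat the parent's ACL.
        # Keeping explicit entries shows where permissions actually change.
        if ($folder.FullName -ne $rootPath -and $ace.IsInherited) { continue }

        New-Object PSObject -Property @{
            Folder    = $folder.FullName
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Type      = $ace.AccessControlType   # Allow or Deny
            Inherited = $ace.IsInherited
            AppliesTo = $ace.InheritanceFlags
        }
    }
}

$rows | Select-Object Folder, Identity, Rights, Type, Inherited, AppliesTo |
    Export-Csv -Path $Report -NoTypeInformation
Write-Host ("{0} entries written, {1} paths could not be read" -f @($rows).Count, $unreadable.Count)
```

Folder names containing `[` or `]` are treated as wildcards by `-Path` in PowerShell 2.0 and will show up as unreadable; most identities in the report will be groups, so group membership has to be expanded separately to get per-user access.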
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 498 total points
ID: 39683281
In addition, I would also recommend enabling minimal audit settings on files and folders, as this will create a storm of events. Auditing can generate a large amount of data. Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

If auditing is enabled on the shared folder, you can track the same. In order to audit, you need to first enable the audit policy for audit object access. Once the policy is defined, you can enable auditing on files and folders on the servers.

Refer to the links below:
http://technet.microsoft.com/hi-in/library/dd277403(en-us).aspx
http://www.sevenforums.com/tutorials/123362-audit-log-access-shared-folders.html
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/

Hope this helps
0
