Solved

Audit folder access

Posted on 2013-11-26
Last Modified: 2014-08-02
Hi
I would like advice on how to audit our corporate network directory.

The folders are many at root and deep. There are different permissions for users set at different levels.

I need to audit this information.

I would like to run a report that presents who has access at all the folders in all the levels.

So I can see the folders, and the users permitted to use these.

Any non-scripted advice appreciated. File and print server is Server 2008 R2.

TA

AJ
Question by:Ancients
5 Comments
 
LVL 1

Accepted Solution

by:
Sum Wum earned 501 total points
ID: 39679942
0
 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 501 total points
ID: 39680050
First you need to add the file server to a separate OU and apply a new GPO on this OU specifying "audit object access" for success and failure in the audit policy section of the GPO under Computer configuration\windows settings\security settings\local policies\audit policy

Also you need to enable auditing on the root folder of all shares through NTFS advanced permissions for all users or selected users or groups.
Check the link below for the same
http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access

Since this is a 2008 R2 file server, you can also install the "File server resource manager" (FSRM) role and enable auditing there as well for best results. There you can also configure reports as required.
Check the links below for more info
http://social.technet.microsoft.com/Forums/windowsserver/en-US/29d41e87-4055-4d71-b13c-3786385dee5a/auditing-info-needed?forum=winservergen
http://4sysops.com/archives/file-server-resource-manager-fsrm-part-5-storage-reports/

Alternatively you can use the tool below for reporting
http://www.netwrix.com/file_server_reporting.html

Do not forget to set the security event log size on file servers so that logs will not be overwritten immediately. You can schedule some script to back up and clear security events on the file server if required.

Hope that helps
Mahesh
0
 
LVL 1

Author Comment

by:Ancients
ID: 39680438
Thanks all.

I will check these out. though vest I checked the vid out. It was more about change logging rather than helping me identify who has what access at various levels.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 498 total points
ID: 39683281
In addition I would also recommend enabling minimal audit settings on files and folders as this will create a storm of events. Auditing can generate a large amount of data. Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

If auditing is enabled on the share folder, you can track the same. In order to audit you need to first enable the audit policy for audit object access. Once the policy is defined you can enable auditing on files and folders on the servers.

Refer to the links below:
http://technet.microsoft.com/hi-in/library/dd277403(en-us).aspx
http://www.sevenforums.com/tutorials/123362-audit-log-access-shared-folders.html
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/

Hope this helps
0
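
The steps described in the two answers above (enable object access auditing, add audit entries on the share root, size the Security log), as an added PowerShell example that is not part of any poster's answer. The folder path, group, audited rights and log size are assumed values, and `auditpol` is used locally in place of the GPO the answers describe.

```powershell
# Added example. Run in an elevated PowerShell session on the file server.
# All three values below are assumptions for illustration; adjust before use.
$ShareRoot    = 'D:\Shares\Finance'   # hypothetical share root folder
$AuditedGroup = 'Everyone'            # or a selected user or group
$LogSizeBytes = 1GB                   # maximum Security log size in bytes

# 1. Enable success and failure auditing for file system object access.
#    This is the local counterpart of the "audit object access" GPO setting,
#    narrowed to the File System subcategory. A GPO that defines audit policy
#    takes precedence over this local setting.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# 2. Add an audit entry (SACL) on the share root, inherited by subfolders and files.
#    Only deletes and permission or ownership changes are audited here, to keep
#    the event volume down; auditing every read would flood the Security log.
$ns      = 'System.Security.AccessControl'
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object "$ns.FileSystemAuditRule" ($AuditedGroup, $rights, $inherit, $prop, $flags)

$acl = Get-Acl -Path $ShareRoot -Audit    # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $ShareRoot -AclObject $acl

# 3. Raise the Security log maximum size so events are not overwritten immediately.
wevtutil sl Security /ms:$LogSizeBytes
if ($LASTEXITCODE -ne 0) { throw "wevtutil failed with exit code $LASTEXITCODE" }

# 4. Verify each setting.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $ShareRoot -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize
wevtutil gl Security
```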
