Solved

Audit folder access

Posted on 2013-11-26
5
652 Views
Last Modified: 2014-08-02
Hi
I would like advice on how to audit our corporate network directory.

The folders are many at root and deep. there are different permissions for users set at different levels.

I need to audit this information.

I would like to run a report that presents who has access at all the folders in all the levels.

so I can see the folders, and the users permitted to use these.

Any non scripted advice appreciated. File and print server is server 2008 R2

TA

AJ
0
Comment
Question by:Ancients
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 1

Accepted Solution

by:
Sum Wum earned 167 total points
ID: 39679942
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 167 total points
ID: 39680050
1st you need to add File server to seperate OU and apply new GPO on this OU specifying "audit object access" for success and failure in audit policy section of GPO under Computer configuration\windows settings\security settings\local policies\audit policy

Also you need to enable auditing on all shares root folder through NTFS advanced permissions for all users or selected users or groups.
Check below link for same
http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access

Since this is 2008 r2 file server, you can also install "File server resource manager" (FSRM) role and enable auditing there as well for best results.There you also can configure reports as well as required.
Check below link for more info
http://social.technet.microsoft.com/Forums/windowsserver/en-US/29d41e87-4055-4d71-b13c-3786385dee5a/auditing-info-needed?forum=winservergen
http://4sysops.com/archives/file-server-resource-manager-fsrm-part-5-storage-reports/

Alternatively you can use below tool for reporting
http://www.netwrix.com/file_server_reporting.html

do not foget to set security event log size on File servers so that logs will not be overwritten immediately.You can schedule some script to backup and clear security events on file server if required.

hope that helps
Mahesh
0
 
LVL 1

Author Comment

by:Ancients
ID: 39680438
thanks all.

I will check these out. though vest I checked the vid out. it was more about change logging rather then helping me identify who has what access at various levels.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 166 total points
ID: 39683281
In addition I would also recommend to enable minimal audit setting on files and folder as this will create strom of events. Auditing can generate a large amount of data.Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

auditing is enable on share folder you can track the same.In order to audit you need to first enable audit policy for audit object access.Once the policy is defined you can enable auditing on file and folder on the servers.
 
Refer below links:
http://technet.microsoft.com/hi-in/library/dd277403(en-us).aspx
http://www.sevenforums.com/tutorials/123362-audit-log-access-shared-folders.html
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/

Hope this helps
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question