Solved

Audit folder access

Posted on 2013-11-26
5
654 Views
Last Modified: 2014-08-02
Hi
I would like advice on how to audit our corporate network directory.

The folders are many at root and deep. there are different permissions for users set at different levels.

I need to audit this information.

I would like to run a report that presents who has access at all the folders in all the levels.

so I can see the folders, and the users permitted to use these.

Any non scripted advice appreciated. File and print server is server 2008 R2

TA

AJ
0
Comment
Question by:Ancients
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 1

Accepted Solution

by:
Sum Wum earned 167 total points
ID: 39679942
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 167 total points
ID: 39680050
1st you need to add File server to seperate OU and apply new GPO on this OU specifying "audit object access" for success and failure in audit policy section of GPO under Computer configuration\windows settings\security settings\local policies\audit policy

Also you need to enable auditing on all shares root folder through NTFS advanced permissions for all users or selected users or groups.
Check below link for same
http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access

Since this is 2008 r2 file server, you can also install "File server resource manager" (FSRM) role and enable auditing there as well for best results.There you also can configure reports as well as required.
Check below link for more info
http://social.technet.microsoft.com/Forums/windowsserver/en-US/29d41e87-4055-4d71-b13c-3786385dee5a/auditing-info-needed?forum=winservergen
http://4sysops.com/archives/file-server-resource-manager-fsrm-part-5-storage-reports/

Alternatively you can use below tool for reporting
http://www.netwrix.com/file_server_reporting.html

do not foget to set security event log size on File servers so that logs will not be overwritten immediately.You can schedule some script to backup and clear security events on file server if required.

hope that helps
Mahesh
0
 
LVL 1

Author Comment

by:Ancients
ID: 39680438
thanks all.

I will check these out. though vest I checked the vid out. it was more about change logging rather then helping me identify who has what access at various levels.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 166 total points
ID: 39683281
In addition I would also recommend to enable minimal audit setting on files and folder as this will create strom of events. Auditing can generate a large amount of data.Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

auditing is enable on share folder you can track the same.In order to audit you need to first enable audit policy for audit object access.Once the policy is defined you can enable auditing on file and folder on the servers.
 
Refer below links:
http://technet.microsoft.com/hi-in/library/dd277403(en-us).aspx
http://www.sevenforums.com/tutorials/123362-audit-log-access-shared-folders.html
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/

Hope this helps
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Invest in your employees with these five simple steps to improve employee engagement and retention.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question