Solved

Audit folder access

Posted on 2013-11-26
5
649 Views
Last Modified: 2014-08-02
Hi
I would like advice on how to audit our corporate network directory.

The folders are many at root and deep. there are different permissions for users set at different levels.

I need to audit this information.

I would like to run a report that presents who has access at all the folders in all the levels.

so I can see the folders, and the users permitted to use these.

Any non scripted advice appreciated. File and print server is server 2008 R2

TA

AJ
0
Comment
Question by:Ancients
5 Comments
 
LVL 1

Accepted Solution

by:
Sum Wum earned 167 total points
ID: 39679942
0
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 167 total points
ID: 39680050
1st you need to add File server to seperate OU and apply new GPO on this OU specifying "audit object access" for success and failure in audit policy section of GPO under Computer configuration\windows settings\security settings\local policies\audit policy

Also you need to enable auditing on all shares root folder through NTFS advanced permissions for all users or selected users or groups.
Check below link for same
http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access

Since this is 2008 r2 file server, you can also install "File server resource manager" (FSRM) role and enable auditing there as well for best results.There you also can configure reports as well as required.
Check below link for more info
http://social.technet.microsoft.com/Forums/windowsserver/en-US/29d41e87-4055-4d71-b13c-3786385dee5a/auditing-info-needed?forum=winservergen
http://4sysops.com/archives/file-server-resource-manager-fsrm-part-5-storage-reports/

Alternatively you can use below tool for reporting
http://www.netwrix.com/file_server_reporting.html

do not foget to set security event log size on File servers so that logs will not be overwritten immediately.You can schedule some script to backup and clear security events on file server if required.

hope that helps
Mahesh
0
 
LVL 1

Author Comment

by:Ancients
ID: 39680438
thanks all.

I will check these out. though vest I checked the vid out. it was more about change logging rather then helping me identify who has what access at various levels.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 166 total points
ID: 39683281
In addition I would also recommend to enable minimal audit setting on files and folder as this will create strom of events. Auditing can generate a large amount of data.Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

auditing is enable on share folder you can track the same.In order to audit you need to first enable audit policy for audit object access.Once the policy is defined you can enable auditing on file and folder on the servers.
 
Refer below links:
http://technet.microsoft.com/hi-in/library/dd277403(en-us).aspx
http://www.sevenforums.com/tutorials/123362-audit-log-access-shared-folders.html
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/

Hope this helps
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Why pager replacement is still an issue OnPage has what some might call a “hate/hate” relationship with pagers. Not much room for love. As we see it, pagers are an antiquated bit of technology. Pagers are dinosaurs which, like most dinosaurs, sho…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now