Solved

Auditing tools

Posted on 2014-04-07
6
776 Views
Last Modified: 2014-04-21
I am looking for an auditing tool for Server 2008 R2 that will show the results of files and folders being accessed, and also account lockouts.  Recommendations please.
0
Question by:DMiller101
6 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 39982953
There are auditing options you can turn on in your default domain's GPO that will log these events.  In Administrator's tools, you can edit the GPO's computer security.

http://msdn.microsoft.com/en-us/library/ms813959.aspx
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39983024
For account lockouts you have to look at events in the domain controllers' security event log.

On member servers you can't find account lockout entries in events.

Also, to audit files \ folders on 2008 R2 servers, add those servers to a separate OU and add a new GPO there; in the GPO, set auditing for "Audit Object Access" for failure and success.

Also, on all shared folders on the server, enable auditing for all users \ specific users depending upon your requirement.
The auditing option can be found on folder properties\security\advanced\auditing tab.

Mahesh.
0
 

Author Comment

by:DMiller101
ID: 39983090
All of those steps have been taken ... What I am looking for is a tool to collect and filter the data.
0

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39983120
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39983440
You can use the ADAudit Plus tool from ManageEngine
OR
the SCOM event log data collector, but it will then require installing SCOM.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39985368
This one is a costly solution, but Splunk can index all the event logs from the servers that are set to forward the logs to a central server, and then you can have consolidated output/graphs/details in a GUI the way you want, based on custom search queries.

http://www.splunk.com/view/log-management/SP-CAAAC6F
0
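
The collect-and-filter step asked about in this thread can also be done with the built-in Get-WinEvent cmdlet. The PowerShell below is an added example, not code from any poster here or from the products they name; the function names, the host names DC01 and FS01 and the sample event are assumptions. Event IDs 4740 (account locked out) and 4663 (access attempt on an audited object) are the Security-log IDs for the two things being audited.

```powershell
# Added example. 4740 is written on domain controllers; 4663 is written on the
# server holding the audited folder. DC01 / FS01 and all values in $sample are
# constructed placeholders.

function ConvertTo-AuditRecord {
    param([Parameter(Mandatory = $true)][xml]$EventXml)
    # Collect the named <Data> fields; local-name() sidesteps the event XML namespace.
    $data = @{}
    foreach ($d in $EventXml.SelectNodes("//*[local-name()='Data']")) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    $sys = $EventXml.Event.System
    $id  = [int]$sys.SelectSingleNode("*[local-name()='EventID']").InnerText
    switch ($id) {
        4740 { $user   = $data.TargetUserName
               # In 4740 the TargetDomainName field carries the caller computer name.
               $detail = "locked out from $($data.TargetDomainName)" }
        4663 { $user   = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
               $detail = "$($data.ObjectName) mask=$($data.AccessMask) via $($data.ProcessName)" }
        default { $user = $null; $detail = 'unmapped event id' }
    }
    New-Object PSObject -Property @{
        Time     = [datetime]$sys.SelectSingleNode("*[local-name()='TimeCreated']").GetAttribute('SystemTime')
        Computer = $sys.SelectSingleNode("*[local-name()='Computer']").InnerText
        EventId  = $id; User = $user; Detail = $detail
    } | Select-Object Time, Computer, EventId, User, Detail
}

function Get-AuditRecord {
    param([string]$ComputerName = $env:COMPUTERNAME, [int[]]$Id = @(4740, 4663), [int]$Hours = 24)
    # Filtering happens on the server side, so only matching events cross the network.
    $filter = @{ LogName = 'Security'; Id = $Id; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter |
        ForEach-Object { ConvertTo-AuditRecord -EventXml $_.ToXml() }
}

# Offline check of the parser against a constructed 4740 event:
$sample = @'
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>4740</EventID><TimeCreated SystemTime='2014-04-07T09:15:00Z'/><Computer>DC01.example.local</Computer></System>
  <EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>WKS042</Data></EventData>
</Event>
'@
ConvertTo-AuditRecord -EventXml $sample | Format-Table -AutoSize

# Live use (the account needs rights to read the remote Security log):
#   Get-AuditRecord -ComputerName DC01 -Id 4740 | Where-Object { $_.User -eq 'jdoe' }
#   Get-AuditRecord -ComputerName FS01 -Id 4663 -Hours 8 | Export-Csv access.csv -NoTypeInformation
```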
