Solved

Auditing tools

Posted on 2014-04-07
6
789 Views
Last Modified: 2014-04-21
I am looking for an auditing tool for server 2008r2 that will show the results of files and folders being access also account lockouts.  Recommendations please.
0
Comment
Question by:DMiller101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 39982953
There are auditing options you can turn on in your default domain's GPO that will log these events.  In Administrator's tools, you can edit the GPO's computer security.

http://msdn.microsoft.com/en-us/library/ms813959.aspx
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39983024
For account lockouts you have to look events on domain controllers security event log

On member servers you can't find account lockout entries in events

Also to audit file \ folders on 2008 r2 servers, add those servers in separate OU and add new GPO there, in GPO set auditing for "Audit Object Access for failure and success

Also on all shared folders on server enable auditing for all users \ specific users depending upon your requirement
Auditing option can be find on folder properties\security\advanced\auditing tab

Mahesh.
0
 

Author Comment

by:DMiller101
ID: 39983090
All of those step's have been taken ... What I am looking for is a tool to collect and filter the data.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39983120
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39983440
You can use AD audit plus tool from Manage engine
OR
SCOM event log data collector, but it will then require to install SCOM
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39985368
this one is a costly solution but splunk can index all the eventlogs from the servers those are set to forward the logs to a central server and then you can have a consolidated output/graphs/details on gui in the way you want based on the custom search queries.

http://www.splunk.com/view/log-management/SP-CAAAC6F
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question