Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Auditing tools

Posted on 2014-04-07
6
Medium Priority
?
851 Views
Last Modified: 2014-04-21
I am looking for an auditing tool for server 2008r2 that will show the results of files and folders being access also account lockouts.  Recommendations please.
0
Comment
Question by:DMiller101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1500 total points
ID: 39982953
There are auditing options you can turn on in your default domain's GPO that will log these events.  In Administrator's tools, you can edit the GPO's computer security.

http://msdn.microsoft.com/en-us/library/ms813959.aspx
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39983024
For account lockouts you have to look events on domain controllers security event log

On member servers you can't find account lockout entries in events

Also to audit file \ folders on 2008 r2 servers, add those servers in separate OU and add new GPO there, in GPO set auditing for "Audit Object Access for failure and success

Also on all shared folders on server enable auditing for all users \ specific users depending upon your requirement
Auditing option can be find on folder properties\security\advanced\auditing tab

Mahesh.
0
 

Author Comment

by:DMiller101
ID: 39983090
All of those step's have been taken ... What I am looking for is a tool to collect and filter the data.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Expert Comment

by:Mahesh
ID: 39983440
You can use AD audit plus tool from Manage engine
OR
SCOM event log data collector, but it will then require to install SCOM
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39985368
this one is a costly solution but splunk can index all the eventlogs from the servers those are set to forward the logs to a central server and then you can have a consolidated output/graphs/details on gui in the way you want based on the custom search queries.

http://www.splunk.com/view/log-management/SP-CAAAC6F
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question