Solved

Auditing tools

Posted on 2014-04-07
6
765 Views
Last Modified: 2014-04-21
I am looking for an auditing tool for server 2008r2 that will show the results of files and folders being access also account lockouts.  Recommendations please.
0
Comment
Question by:DMiller101
6 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 39982953
There are auditing options you can turn on in your default domain's GPO that will log these events.  In Administrator's tools, you can edit the GPO's computer security.

http://msdn.microsoft.com/en-us/library/ms813959.aspx
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39983024
For account lockouts you have to look events on domain controllers security event log

On member servers you can't find account lockout entries in events

Also to audit file \ folders on 2008 r2 servers, add those servers in separate OU and add new GPO there, in GPO set auditing for "Audit Object Access for failure and success

Also on all shared folders on server enable auditing for all users \ specific users depending upon your requirement
Auditing option can be find on folder properties\security\advanced\auditing tab

Mahesh.
0
 

Author Comment

by:DMiller101
ID: 39983090
All of those step's have been taken ... What I am looking for is a tool to collect and filter the data.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39983120
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39983440
You can use AD audit plus tool from Manage engine
OR
SCOM event log data collector, but it will then require to install SCOM
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39985368
this one is a costly solution but splunk can index all the eventlogs from the servers those are set to forward the logs to a central server and then you can have a consolidated output/graphs/details on gui in the way you want based on the custom search queries.

http://www.splunk.com/view/log-management/SP-CAAAC6F
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question