Solved

How could a small firm detect a large group of files being copied to USB or offsite device

Posted on 2015-01-21
Last Modified: 2015-02-06
I am looking for an easy and cost-effective way to be notified in the event that files are copied to a USB drive or other offsite device. We have a Windows 2008 R2 server with a few file share folders and 10 users. I would like to see a clean report of who accessed what file and when, and see if multiple files ever get copied to a USB drive.
Question by:dlafferty
2 Comments
 
Expert Comment
by: arnold (LVL 76)
Well, your qualifiers will not be covered by the following suggestion. Additional steps have to be taken for that.

1) Enabling auditing on the shares will record who accessed/modified/etc. files in the share.
2) Using a GPO to disable storage-based USB devices will prevent recognition of USB devices in systems. Symantec Endpoint and possibly other enterprise-type anti-virus/security include an option to record events, i.e. USB storage insertion and file copying to it.
3) As to copying files offsite through the internet, that can only be controlled through the control of access to the internet (proxy server, etc. that limits the destination); the person can always email, with the proliferation of cloud Dropbox, etc.

One option is to use a document management system that requires individuals to check out documents.

Depending on your concern, there are other ways: printing it out, copying the screen, etc.

Accepted Solution
by: btan (LVL 61), earned 500 total points
A GPO audit trail is good for auditing directory service access
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28466783.html#a40168689

If it is Win8, 2012 or above, then audit under Object Access, for Audit Removable Storage will be in GPO instead of directory access.
Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include Task Category = Removable Storage device.
https://technet.microsoft.com/en-us/library/jj574128.aspx

Best will be data leakage s/w, e.g. DeviceLock etc., but that can be costly...

Other tools

- LastActivityView collects information and displays a log of actions made by the user and events that occurred on this computer: https://www.technibble.com/lastactivityview-create-a-log-of-the-last-actions-made-by-the-user/

- A few more tools are listed in the following, e.g. USB Security Suite, USBLogView, rights mgmt and data leakage protection schemes
http://www.experts-exchange.com/Security/Misc/Q_28465859.html
0
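
One way to turn the event 4663 records described in the accepted answer into the "multiple files copied to USB" report the question asks for, as an added example that is not part of the original thread. It assumes Audit Removable Storage is already enabled and that the script runs elevated on the Win8/2012-or-later machine where the device is plugged in; the parameter names and their default values are hypothetical and need tuning.

```powershell
# Added example: flag bursts of writes to removable storage from Security event 4663.
# Run elevated on the machine where the device is plugged in. The three parameter
# defaults are assumptions, not values from the thread.
param(
    [int]$LookBackHours = 24,  # how far back to read the Security log
    [int]$WindowMinutes = 5,   # width of each counting window
    [int]$Threshold     = 20   # distinct files per user per window that triggers a report
)

$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$LookBackHours) }
$windowTicks = [timespan]::FromMinutes($WindowMinutes).Ticks

$writes = foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
    # Keep only the removable-storage task category named in the answer
    if ($evt.TaskDisplayName -notlike 'Removable Storage*') { continue }

    # Read the event data fields by name from the XML form of the record
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # 4663 covers reads and writes; bits 0x2 (write/add file) and 0x4 (append) mean a write
    $mask = [Convert]::ToInt32($data['AccessMask'], 16)
    if (-not ($mask -band 0x6)) { continue }

    [pscustomobject]@{
        Time   = $evt.TimeCreated
        Bucket = [math]::Floor($evt.TimeCreated.Ticks / $windowTicks)
        User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        File   = $data['ObjectName']
    }
}

# One row per user and time window in which the distinct-file count reaches the threshold
$writes | Group-Object User, Bucket | ForEach-Object {
    $files = @($_.Group.File | Sort-Object -Unique)
    if ($files.Count -ge $Threshold) {
        [pscustomobject]@{
            User         = $_.Group[0].User
            WindowStart  = ($_.Group | Sort-Object Time)[0].Time
            FilesWritten = $files.Count
            Sample       = ($files | Select-Object -First 3) -join '; '
        }
    }
} | Sort-Object WindowStart | Format-Table -AutoSize
```

Scheduling this and mailing any non-empty result gives the notification; the Security log must be large enough to retain the look-back period.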
