Rick Barwig
asked on
Need file/folder "auditing" on Srvr 2012 R2
I have an organization that keeps opening a service ticket stating that files and folders keep disappearing on their shared drive on the server. Yet, when I perform a search, I find the file/folder and determine that it was just moved to a different location.
I am Googling to see if there is a built in way to enable auditing to determine who/what is moving these files/folders. I looked at this and do not feel it meets my needs to track when a file is moved, modified, created or deleted:
1. Open Administrative Tools > Local Security Policy.
2. Expand Local Policies and click Audit Policy in the left pane.
3. Select Audit object access in the right pane, and then click Action > Properties.
4. Select Success and Failure, and then click OK.
5. Close the Local Security Policy window.
Can anyone recommend a way to monitor all the actions listed above?
I am Googling to see if there is a built in way to enable auditing to determine who/what is moving these files/folders. I looked at this and do not feel it meets my needs to track when a file is moved, modified, created or deleted:
1. Open Administrative Tools > Local Security Policy.
2. Expand Local Policies and click Audit Policy in the left pane.
3. Select Audit object access in the right pane, and then click Action > Properties.
4. Select Success and Failure, and then click OK.
5. Close the Local Security Policy window.
Can anyone recommend a way to monitor all the actions listed above?
ASKER
Thank you Adam,
Do you know if there an article to follow for the complete instructions?
Do you know if there an article to follow for the complete instructions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Adam,
Thank you this is VERY informative and should help resolve the issue.
Thank you this is VERY informative and should help resolve the issue.
Be aware that enabling auditing will put a heavy workload on your server, along with generating TONS of logs.
You can detect the changes made to any file in a shared folder by using native auditing method, and the other is using auditing solution: https://www.lepide.com/how-to/track-changes-made-to-files-of-shared-folder.html
1. Right click the folder
2. Click Properties
3. Click Security
4. Click Advanced
5. Click Auditing tab
On that window, you can add in an audit rule to log changes to files and folders. This must be configured before the option to audit files and folders will function properly.