Need file/folder "auditing" on Srvr 2012 R2

I have an organization that keeps opening a service ticket stating that files and folders keep disappearing on their shared drive on the server. Yet, when I perform a search, I find the file/folder and determine that it was just moved to a different location.

I am Googling to see if there is a built in way to enable auditing to determine who/what is moving these files/folders. I looked at this and do not feel it meets my needs to track when a file is moved, modified, created or deleted:

1. Open Administrative Tools > Local Security Policy.
2. Expand Local Policies and click Audit Policy in the left pane.
3. Select Audit object access in the right pane, and then click Action > Properties.
4. Select Success and Failure, and then click OK.
5. Close the Local Security Policy window.

Can anyone recommend a way to monitor all the actions listed above?
rbarwigAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
The steps you've taken are only half of what you need to do. You also need to open the advanced security properties window on the folders and enable auditing in there.
1. Right click the folder
2. Click Properties
3. Click Security
4. Click Advanced
5. Click Auditing tab

On that window, you can add in an audit rule to log changes to files and folders. This must be configured before the option to audit files and folders will function properly.
0
rbarwigAuthor Commented:
Thank you Adam,
Do you know if there an article to follow for the complete instructions?
0
Adam BrownSr Solutions ArchitectCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

rbarwigAuthor Commented:
Adam,

Thank you this is VERY informative and should help resolve the issue.
0
Scott CSenior Systems EnginerCommented:
Be aware that enabling auditing will put a heavy workload on your server, along with generating TONS of logs.
0
Naveen SharmaCommented:
You can detect the changes made to any file in a shared folder by using native auditing method, and the other is using auditing solution: https://www.lepide.com/how-to/track-changes-made-to-files-of-shared-folder.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
auditing

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.