1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Ability to track who has made changes to file or folder in a folder share?

Discussion in 'Windows Home Server' started by NUTZER, Apr 2, 2009.

  1. NUTZER

    NUTZER Guest

    All,

    My company has started storing very sensitive data on our file server. We
    would like to be able to track a particular folder and see who had access
    the folder and what changes that was done to the files in the folder.

    Is there a way that can be accomplished?

    Thanks!
     
    NUTZER, Apr 2, 2009
    #1
  3. Jon Wallace

    Jon Wallace Guest

    Hey,

    You can do 'some' of this through auditing. In an audit policy, turn on the
    auditing of objects. This is the 'Explain' text from object auditing, I
    believe this will help you a little bit -

    --

    Audit object access

    This security setting determines whether to audit the event of a user
    accessing an object-for example, a file, folder, registry key, printer, and
    so forth-that has its own system access control list (SACL) specified.

    If you define this policy setting, you can specify whether to audit
    successes, audit failures, or not audit the event type at all. Success
    audits generate an audit entry when a user successfully accesses an object
    that has an appropriate SACL specified. Failure audits generate an audit
    entry when a user unsuccessfully attempts to access an object that has a
    SACL specified.

    To set this value to No auditing, in the Properties dialog box for this
    policy setting, select the Define these policy settings check box and clear
    the Success and Failure check boxes.

    Note that you can set a SACL on a file system object using the Security tab
    in that object's Properties dialog box.

    Default: No auditing.

    --

    Hope this helps,

    Jon

    www.insidetheregistry.com

    --

    "NUTZER" <nutzer@blah.com> wrote in message
    news:N-OdnddogteRmEjUnZ2dnUVZ_jiWnZ2d@giganews.com...
    > All,
    >
    > My company has started storing very sensitive data on our file server. We
    > would like to be able to track a particular folder and see who had access
    > the folder and what changes that was done to the files in the folder.
    >
    > Is there a way that can be accomplished?
    >
    > Thanks!
    >
     
    Jon Wallace, Apr 2, 2009
    #2
  4. Isaac Oben [MCITP,MCSE]

    Isaac Oben [MCITP,MCSE] Guest

    Hello Nutzer:

    Create or edit an existing GPO to include auditing:
    Editing GPO, go to Computer Configurations, Windows Settings, Security
    Settings, Local Policies, Audit Policy, "Audit Object Access , define as
    "Success and Failures"

    Then go to share folder and right click, properties, security tab, Advanced,
    select auditing, add (user groups) if you need to edit all, then choose
    authenticated users, then specify the kind of events you need to audit. Yu
    can check in event viewer security log for your audit info..

    --
    Isaac Oben [MCTIP:EA, MCSE]
    "NUTZER" <nutzer@blah.com> wrote in message
    news:N-OdnddogteRmEjUnZ2dnUVZ_jiWnZ2d@giganews.com...
    > All,
    >
    > My company has started storing very sensitive data on our file server. We
    > would like to be able to track a particular folder and see who had access
    > the folder and what changes that was done to the files in the folder.
    >
    > Is there a way that can be accomplished?
    >
    > Thanks!
    >
     
    Isaac Oben [MCITP,MCSE], Apr 2, 2009
    #3
  5. Meinolf Weber [MVP-DS]

    Meinolf Weber [MVP-DS] Guest

    Hello NUTZER,

    From another posting:
    ----------------------------------------------------------------------------------------------------------------
    Enabling file auditing is a 2-step process.

    [1] Configure "audit object access" in AD Group Policy or on the server's
    local GPO. This setting is located under Computer Configuration-->Windows
    Settings-->Security Settings-->Local Policies-->Audit Policies. Enable success/failure
    auditing for "Audit object access."

    [2] Configure an audit entry on the specific folder(s) that you wish to audit.
    Right-click on the folder-->Properties-->Advanced. From the Auditing tab,
    click Add, then enter the users/groups whom you wish to audit and what actions
    you wish to audit - auditing Full Control will create an audit entry every
    time anyone opens/changes/closes/deletes a file, or you can just audit for
    Delete operations.

    After you've done both of these steps, any file deletions will show up in
    the Security log of the file server that hosts those files.

    HTH

    ----------------------------------------------------------------------------------------------------------------

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > All,
    >
    > My company has started storing very sensitive data on our file server.
    > We would like to be able to track a particular folder and see who had
    > access the folder and what changes that was done to the files in the
    > folder.
    >
    > Is there a way that can be accomplished?
    >
    > Thanks!
    >
     
    Meinolf Weber [MVP-DS], Apr 3, 2009
    #4

Share This Page