Auditing Windows Server 2008 File and Folder Access

From Techotopia
Revision as of 19:35, 20 August 2008 by Neil


In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes.

Enabling File and Folder Auditing

File and folder auditing is enabled and disabled using either Group Policy (for auditing domains, sites and organizational units) or local security policy (for single servers). To enable file and folder auditing for a single server, select Start -> All Programs -> Administrative Tools -> Local Security Policy. In the Local Security Policy tool, expand the Local Policies branch of the tree and select Audit Policy.


Configuring Local Audit Policy


Double-click the Audit Object Access item in the list to display the corresponding properties page and choose whether successful access, failed access, or both types of access to files or folders are to be audited:


Setting the Audit Object Properties to enable file and folder access tracking


Once the settings are configured click on Apply to commit the changes and then OK to close the properties dialog. With file and folder auditing enabled the next task is to select which files and folders are to be audited.
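The same setting can be checked and applied from the command line with auditpol.exe, which is useful for confirming what the dialog actually changed. The following is an added example, not part of the original page; it assumes an elevated PowerShell 2.0 or later prompt and an English-language server (category names are localized), and the function names Get-ObjectAccessAudit and Set-ObjectAccessAudit are hypothetical.

```powershell
# Added example: command-line counterpart of the Audit Object Access dialog.
# Assumes an elevated PowerShell 2.0+ session and English category names.

function Get-ObjectAccessAudit {
    # /r emits the policy as CSV; drop the blank lines auditpol pads it with.
    $csv = auditpol.exe /get /category:"Object Access" /r |
        Where-Object { $_.Trim() -ne '' }
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /get failed (exit $LASTEXITCODE); is the prompt elevated?"
    }
    # 'Inclusion Setting' reads No Auditing, Success, Failure,
    # or Success and Failure for each subcategory.
    $csv | ConvertFrom-Csv | Select-Object Subcategory, 'Inclusion Setting'
}

function Set-ObjectAccessAudit {
    param(
        [bool]$Success = $true,   # audit successful access
        [bool]$Failure = $true    # audit failed access
    )
    $s = if ($Success) { 'enable' } else { 'disable' }
    $f = if ($Failure) { 'enable' } else { 'disable' }
    # Setting the whole category mirrors the single check-box pair in the dialog.
    auditpol.exe /set /category:"Object Access" /success:$s /failure:$f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /set failed (exit $LASTEXITCODE)"
    }
}

# Record the current state, apply the change, then confirm it took effect.
$before = Get-ObjectAccessAudit
Set-ObjectAccessAudit -Success $true -Failure $true
$after = Get-ObjectAccessAudit

# The File System subcategory is the one that covers NTFS files and folders.
$fs = $after | Where-Object { $_.Subcategory -eq 'File System' }
"File System auditing is now: $($fs.'Inclusion Setting')"

# Show every subcategory whose setting changed, for the change record.
Compare-Object $before $after -Property Subcategory, 'Inclusion Setting' |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Format-Table Subcategory, 'Inclusion Setting' -AutoSize
```

On a domain member, a Group Policy that defines the audit policy can overwrite a locally applied setting at the next policy refresh, so re-run Get-ObjectAccessAudit afterwards to confirm the value persisted.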

Selecting Files and Folders to be Audited