Auditing On The File Server

To Implementing auditing on file server is a useful for track a log's for further investigation.

1. go to run menu and open secpol.msc
   1. 
2. Now we need to go Advanced Audit Policy configuration  > system audit policies > object access > audit file share & audit file system -- open and select success and failure.
   1. 
3. select shared folder and open property > security > advanced.
   1. 
4. now go to Auditing > add
   1. 
5. Select principal > i.e., domain admins 
6. type > All
7. Applies to > This folders, subfolders and files
8. show advance permissions
9. clear all permission and select manual permission as per requirements
10. ok
    1. 
11. now click ok.
    1. 
12. it will start the process and take a time depending on shared folder size.

Examine the log's of shared folder

1. for testing purpose i create a test folder and delete that folder
   1. 
2. To view log's for that folder go to event viewer
3. windows logs > security
4. we can see in below image how we can found the detailed of shared folder if any changes did by any user. 
   1. 
   2.