Auditing On The File Server
Estimated Reading Time: 1 MinutesTo Implementing auditing on file server is a useful for track a log's for further investigation.
- go to run menu and open secpol.msc
- Now we need to go Advanced Audit Policy configuration > system audit policies > object access > audit file share & audit file system -- open and select success and failure.
- select shared folder and open property > security > advanced.
- now go to Auditing > add
- Select principal > i.e., domain admins
- type > All
- Applies to > This folders, subfolders and files
- show advance permissions
- clear all permission and select manual permission as per requirements
- ok
- now click ok.
- it will start the process and take a time depending on shared folder size.
Examine the log's of shared folder
- for testing purpose i create a test folder and delete that folder
- To view log's for that folder go to event viewer
- windows logs > security
- we can see in below image how we can found the detailed of shared folder if any changes did by any user.