Auditing On The File Server
To Implementing auditing on file server is a useful for track a log's for further investigation.
- go to run menu and open secpol.msc
- Now we need to go Advanced Audit Policy configuration > system audit policies > object access > audit file share & audit file system -- open and select success and failure.
- select shared folder and open property > security > advanced.
- now go to Auditing > add
- Select principal > i.e., domain admins
- type > All
- Applies to > This folders, subfolders and files
- show advance permissions
- clear all permission and select manual permission as per requirements
- ok
- now click ok.
- it will start the process and take a time depending on shared folder size.
Examine the log's of shared folder
- for testing purpose i create a test folder and delete that folder
- To view log's for that folder go to event viewer
- windows logs > security
- we can see in below image how we can found the detailed of shared folder if any changes did by any user.
Article ID: 261
Created: September 21, 2023
Last Updated: September 21, 2023
Author: QuikBox Admin [[email protected]]
Online URL: https://support.quikbox.com/article.php?id=261