Audit Directory

jonathan

Hi Everyone,

I need to find out who is accessing a certain directory on a share on our DC
and who is opening, deleting and saving files to and from it. I keep
hearing about "Audits" that can be run against a directory - how do I do
this?

My DC is running AD if that helps?

Tia


Jonathan
 
See the link below on how to audit files and folders. You must first enable
auditing of object access on the DC in Domain Controller Security Policy. Be
sure to increase the size of the security log in Event Viewer substantially.
The info will be there but you will have a lot of events to look through.
Avoid using the Everyone group to audit [audit specific users/group instead]
and try to avoid auditing read but audit write and delete instead if
feasible to keep down the number of events. When you look at the events, the
info is not always clear and you may have to view multiple events as one
action based on the same timestamp. Try it on a test computer first so you
can see what you are looking for. The links below may help. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;300549
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod144.mspx --- great
info on auditing details
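
The steps described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes Windows Server 2008 or later (where `auditpol` and Security event 4663 exist), an elevated prompt, and a hypothetical folder `D:\Shares\Finance` and group `CONTOSO\Finance-Users`. It audits write and delete only for that group, enlarges the Security log, then collapses events that share a timestamp, user and object into one row.

```powershell
# Assumed values, not from the thread: adjust to your share and group.
$Path  = 'D:\Shares\Finance'        # hypothetical folder behind the share
$Group = 'CONTOSO\Finance-Users'    # hypothetical group (not Everyone)

# 1. Turn on object-access auditing for the file system. On a DC, set the same
#    thing in the Domain Controller policy so a policy refresh does not undo it.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Enlarge the Security log (256 MB here, an arbitrary example size).
wevtutil sl Security /ms:268435456

# 3. Add an audit (SACL) entry: write and delete only, inherited by children.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList $Group, $rights, $inherit, $prop, $flags
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 4. Read event 4663 (object access attempt) and keep only this folder.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue
$rows = foreach ($e in $events) {
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ("$($d.ObjectName)".StartsWith($Path, [StringComparison]::OrdinalIgnoreCase)) {
        [pscustomobject]@{
            Time   = $e.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')
            User   = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Object = $d.ObjectName
            Mask   = [Convert]::ToInt32($d.AccessMask, 16)   # e.g. "0x10000"
        }
    }
}

# 5. One user action often logs several events in the same second: merge them.
$rows | Group-Object Time, User, Object | ForEach-Object {
    $mask = 0
    $_.Group | ForEach-Object { $mask = $mask -bor $_.Mask }
    [pscustomobject]@{
        Time   = $_.Group[0].Time
        User   = $_.Group[0].User
        Object = $_.Group[0].Object
        Write  = [bool]($mask -band 0x6)       # WriteData (0x2) or AppendData (0x4)
        Delete = [bool]($mask -band 0x10000)   # DELETE access right
        Events = $_.Count
    }
} | Sort-Object Time | Format-Table -AutoSize
```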
 