•  
  • Manual configurationManual configuration
Click here to shrink
Click here to expand Click here to expand

Configure object-level auditing - Manual configuration

Using Windows shares

Right-click on the share folder that you want to audit, select Properties, and then click on the Security tab → Select Advanced, and then click on the Auditing tab → For the Everyone group, add the following entries:

  Principal Type Access Applies To
File/folder changes Everyone Success, Failure
  • Create files / Write Data
  • Create folders / Append data
  • Write attributes
  • Write extended attributes
  • Delete sub folders and files
  • Delete
 This Folder, sub folders, and files
Folder permission and owner changes Everyone Success, Failure
  • Take ownership
  • Change permissions
 This Folder and sub folders
File read Everyone Success, Failure
  • List folder / Read data
 Files only
Folder read failure Everyone Failure
  • List folder / Read data
 This Folder and sub folders

Using PowerShell cmdlets

Go to the <installation directory>\bin folder within the PowerShell command prompt → Type in ADAP-Set-SACL.ps1 → Follow the steps to apply object-level auditing to shares on the file server.

  • Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (file server auditing [FA] or file integrity monitoring [FIM]) of all the folders that you need to enable auditing for.
  • The CSV file should contain the list of folders in the following format: <folder>,<type>

    Example: \\SERVERNAME\folder,FA C:\test folder,FA E:\test folder,FIM \\SERVERNAME\c$\folder,FIMOnce you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt.

Type in:

.\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where

parameter input variable mandatory
-file name of the CSV file containing the list of shared folders yes
-mode add - sets the object-level auditing settings (or) remove - removes the object-level auditing settings yes
-recurse true - Replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the chosen folder. (or) false - Apply object-level auditing settings only to the chosen folder  Note: By default, the -recurse parameter is set to false no
-username DOMAIN_NAME\username of the user with privilege over the file or folder to set the object-level auditing settings. (No cross-domain support) no

Note: When removing object-level auditing for a set of folders, the -type parameter is not mandatory.

For example:

  • To set object-level auditing for the list of folders in the shared_folders_list.CSV file, use:.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add
  • To replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the shared_folders_list.CSV file, use:.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add -recurse true
  • To remove object-level auditing for the list of folders in the shared_folders_list.CSV file, use:.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode remove

Configure object-level auditing - Manual configuration

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try OnboardPro

     

On this page

Copyright © 2025, ZOHO Corp. All Rights Reserved.

Get download link