
    Configure audit policies

    The Amazon FSx file system can be used with either a self-managed Microsoft Active Directory (AD) or an AWS Managed Microsoft AD.

    Self-managed Microsoft AD

    If you are using your Amazon FSx file system with a self-managed Microsoft AD and have assigned sufficient privileges to the user configured under Domain Settings, ADAudit Plus automatically configures the required audit policies when you add your file system for auditing. Otherwise, you can configure the audit policies manually by following the steps under Manual audit policy configuration.

    AWS Managed Microsoft AD

    If you are using your Amazon FSx file system with an AWS Managed Microsoft AD, follow the steps under Manual audit policy configuration to configure the required audit policies.

    Manual audit policy configuration

    Configure the list of Amazon FSx Windows file systems to be audited:

    1. Open Active Directory Users and Computers.
    2. Right-click the domain and select New > Group.
    3. In the New object - Group window that opens, type in “ADAuditPlusFS” as the Group name, check Group scope: Domain Local and Group type: Security. Click OK.
    4. Right-click the newly created group, then select Properties > Members > Add. Add all the Windows file servers that you want to audit as a member of this group. Click OK.
    5. Using domain admin credentials, log in to any computer that has the Group Policy Management Console (GPMC) on it.

      Note: The GPMC will not be installed on workstations and/or enabled on member servers by default, so we recommend configuring audit policies on Windows domain controllers. Otherwise, follow the steps in this page to install GPMC on your desired member server or workstation.

    6. Go to Start > Windows Administrative Tools > Group Policy Management.
    7. Depending on whether you are using a self-managed Microsoft AD or an AWS Managed Microsoft AD, follow the corresponding steps:
      • Self-managed Microsoft AD

        In the GPMC, right-click the domain in which you want to configure the Group Policy. Select Create a GPO and Link it here. In the New GPO window that opens, type in “ADAuditPlusFSPolicy” and click OK.

      • AWS Managed Microsoft AD

        In the GPMC, right-click the OU with the same name as your domain (the OU created by AWS that you have 'Edit' access for). Select Create a GPO and Link it here. In the New GPO window that opens, type in “ADAuditPlusFSPolicy” and click OK.

    8. Select the ADAuditPlusFSPolicy GPO. Under Security Filtering, select Authenticated Users. Click Remove. In the Group Policy Management window that opens, select OK.
    9. Select the ADAuditPlusFSPolicy GPO. Under Security Filtering, click Add and choose the security group ADAuditPlusFS created previously. Click OK.
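
The same group, GPO link and security filtering can be scripted with the ActiveDirectory and GroupPolicy PowerShell modules. This is an added example, not part of the original page or ManageEngine's own tooling; the file server names and the OU path used for AWS Managed Microsoft AD are assumptions to adjust for your directory.

```powershell
# Added example: scripted equivalent of steps 1-9 above.
# Run as a domain admin on a machine with the RSAT AD and Group Policy modules.
Import-Module ActiveDirectory, GroupPolicy

$GroupName   = 'ADAuditPlusFS'        # group name from the page
$GpoName     = 'ADAuditPlusFSPolicy'  # GPO name from the page
$FileServers = @('FS01', 'FS02')      # placeholder computer account names
$UseAwsManagedAd = $false             # set to $true for AWS Managed Microsoft AD

$Domain = Get-ADDomain
# Self-managed AD links at the domain root. For AWS Managed Microsoft AD the
# link goes on the OU named after the domain; the path below ASSUMES that OU
# is OU=<NetBIOS name> directly under the domain root.
$LinkTarget = if ($UseAwsManagedAd) {
    "OU=$($Domain.NetBIOSName),$($Domain.DistinguishedName)"
} else {
    $Domain.DistinguishedName
}

# Steps 1-3: domain local security group (skipped if it already exists).
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope DomainLocal -GroupCategory Security
}

# Step 4: add the file servers' computer accounts that are not yet members.
$current = (Get-ADGroupMember -Identity $GroupName).SamAccountName
$toAdd = $FileServers | ForEach-Object { Get-ADComputer -Identity $_ } |
    Where-Object { $current -notcontains $_.SamAccountName }
if ($toAdd) { Add-ADGroupMember -Identity $GroupName -Members $toAdd }

# Step 7: create the GPO and link it at the chosen target.
$gpo = New-GPO -Name $GpoName
New-GPLink -Guid $gpo.Id -Target $LinkTarget -LinkEnabled Yes | Out-Null

# Step 8: remove Authenticated Users from the GPO's permissions.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null

# Step 9: let only members of the group apply the GPO.
Set-GPPermission -Guid $gpo.Id -TargetName $GroupName `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Check: the group should be the only trustee holding GpoApply.
Get-GPPermission -Guid $gpo.Id -All |
    Where-Object Permission -eq 'GpoApply' |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

If the final check lists any trustee other than ADAuditPlusFS, the audit policy will apply more widely than the servers you intended to audit.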

    Configure advanced audit policies

    Advanced audit policies help administrators exercise granular control over which activities get recorded in the logs, helping cut down on event noise. We recommend configuring advanced audit policies on Windows Server 2008 and above.

    1. To set this up, edit <ADAuditPlusFSPolicy> by right-clicking on the policy and selecting Edit.
    2. Navigate to Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration, and configure the following settings.
    Category: Object Access
    Sub category:
    • Audit File System
    • Audit File Share
    • Audit Handle Manipulation
    • Audit Policy Change
    • Authorization Policy Change
    Audit events:
    • Success, Failure
    • Success
    • Success, Failure
    Purpose: File share auditing


    Force advanced audit policies

    When using advanced audit policies, ensure that they are forced over legacy audit policies.

    1. Enable Force audit policy subcategory settings in <ADAuditPlusFSPolicy>.
    2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Audit: Force audit policy subcategory settings (Windows Vista or later) to override the audit policy category settings.


    Configure legacy audit policies

    Due to the unavailability of advanced audit policies in Windows Server 2003 and earlier versions, legacy audit policies need to be configured for these types of servers.

    1. To set this up, edit <ADAuditPlusFSPolicy> by right-clicking on the policy and selecting Edit.
    2. Navigate to Configuration > Windows Settings > Security Settings > Audit Policy Configuration and configure the following settings.
    Category: Object Access
    Audit events: Success, Failure
    Purpose:
    • File share auditing
    • File integrity monitoring
    • File permission change auditing
