Direct Inward Dialing: +1 408 916 9892
ADAudit Plus is an IT security and compliance solution that provides comprehensive reports to consolidate all the information you need about attempts made to access files or folders in your file servers. These reports can be exported and also scheduled to be automatically generated, at the specified times, and delivered to your inbox. You can also configure alerts to notify you when access requests are made on critical files/folders. This way you can take action immediately. Here is how you can access these reports using ADAudit Plus:
Launch ADAudit Plus and log in → Go to File Audit tab → Navigate to File Audit Reports and select File Read Access.
Launch the Group Policy Management console (Run --> gpedit.msc)
Create a new GPO and link it to the domain containing the file server or edit the existing GPO that is linked to the relevant domain.
Navigate to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> Audit Policy.
Under Audit Policy, select 'Audit object access' and turn auditing on for both success and failure.
Navigate to Advanced Audit Policy Configuration -> Audit Policies-> Object access. Turn on auditing for 'Audit file system' and 'Audit handle manipulation'.
Locate the file or folder for which you wish to track all the accesses. Right click on it and go to Properties. Under the Security tab click Advanced.
In Advanced Security Settings, go to the Auditin tab and click Add to add a new auditing entry.
In the Auditing Entry for Active Directory dialog box, enter the following details:
Every time a user accesses the selected file/folder, and changes the permission on it, an event log will be recorded in the Event Viewer. To view this audit log, go to the Event Viewer. Under Windows Logs, select Security. You can find all the audit logs in the middle pane as displayed below.
To filter the event logs to view just the logs about the file/folder permission changes, select Filter Current Log from the right pane. Simply search for the event ID 4656 and 4663 which indicate file/folder permission changes. You can see who accessed the file in “Account Name” field and access time in “Logged” field.
Native auditing becoming a little too much?
Simplify file server auditing and reporting with ADAudit Plus.
Get Your Free Trial Fully functional 30-day trial