Windows Server 2016: File and Folder Access Auditing and Monitoring
Windows Server 2016: File and Folder Access Auditing and Monitoring
// ------------------------
// Setup Auditing - notification when access if successful or failure
Step 1: (Right-click) Folder > Properties > Security > Advanced > Auditing > Add > Select a Principal > Enter the object name to select:- (E.g.) Administrator
Step 2: Server Manager > Tools > Group Policy Management > (selected Domain) Group Policy Object > (Right-click) Default Domain Policy [Make sure domain is Enforced] > Edit > (choose either Computer Configuration or User Configuration) Computer Configuration > Policies > Windows Settings > Security Settings > Local Policy > Audit Policy > Audit Object Access
// Remember that the Computer/User need to logoff & re-login for the (new)
// Group Policy to be active.
// ------------------------
// Looking into the (Audit) event log for File Access
Step 3: run: event viewer > Windows Logs > Security > Look for Event ID 4663
// ------------------------
// ------------------------
// Setup Auditing - notification when access if successful or failure
Step 1: (Right-click) Folder > Properties > Security > Advanced > Auditing > Add > Select a Principal > Enter the object name to select:- (E.g.) Administrator
Step 2: Server Manager > Tools > Group Policy Management > (selected Domain) Group Policy Object > (Right-click) Default Domain Policy [Make sure domain is Enforced] > Edit > (choose either Computer Configuration or User Configuration) Computer Configuration > Policies > Windows Settings > Security Settings > Local Policy > Audit Policy > Audit Object Access
// Remember that the Computer/User need to logoff & re-login for the (new)
// Group Policy to be active.
// ------------------------
// Looking into the (Audit) event log for File Access
Step 3: run: event viewer > Windows Logs > Security > Look for Event ID 4663
// ------------------------
Comments
Post a Comment