Windows file server: audit access to files and folders

Presentation

In this tutorial, we will look at a feature built into Windows: folder and file access auditing.

This feature logs access to resources (files and folders). It can be worthwhile to enable auditing on sensitive company files to see whether unauthorized people are trying to access them.

Audit configuration

Folder configuration

1. On the file server, open the share's properties from Server Manager, go to Permissions, and then click Customize Permissions.

2. Go to the Audit tab and click Add.

3. Select the users to be audited, the type (Succeeded, Failed or All), check the items to be recorded, and click OK.

4. The audit entry is added and is displayed like an NTFS permission. Click Apply, then OK, and close the share's properties window.

Server configuration

For auditing to work, object access auditing must also be enabled on the server.

1. Open a Run window (Ctrl+R) and enter gpedit.msc to open the computer's local policy console.

2. Edit the Audit object access setting, located under Computer Configuration / Windows Settings / Security Settings / Local Policies / Audit Policy.

3. Select the audit types to enable, click Apply, then OK.

4. The policy is configured.

5. Force a policy update by opening a command prompt as administrator and running the gpupdate command.

View the logs

1. To generate log entries, access folders and files in a way that matches the audit settings.

2. On the server, open the Event Viewer and go to Windows Logs / Security. Look for events in the File System category.

3. Example of logs:
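
The same three stages (audit entry on the folder, audit policy on the server, reading the Security log) can also be scripted. The PowerShell below is an added example, not part of the original tutorial. It assumes a placeholder folder D:\Shares\Finance, an elevated session on the file server, and failure-only auditing; event IDs 4656 and 4663 are the Security log's handle-request and object-access events.

```powershell
# Added example; run in an elevated PowerShell session on the file server.
$Path = 'D:\Shares\Finance'   # placeholder: the sensitive folder to audit

# Folder configuration: add an audit entry (SACL) for failed access by Everyone.
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'   # well-known SID for Everyone
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Failure)
$acl = Get-Acl -Path $Path -Audit      # -Audit also loads the existing audit entries
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Server configuration: enable failure auditing for file system objects.
# Assumption: this sets only the "File System" subcategory (English name),
# which is narrower than the whole "Audit object access" setting in gpedit.msc.
auditpol /set /subcategory:"File System" /failure:enable
auditpol /get /subcategory:"File System"

# View the logs: file access events from the last hour under the audited folder.
$filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $e = $_
    $d = @{}
    # Flatten the event's named data fields into a hashtable.
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['ObjectName'] -like "$Path*") {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            EventId    = $e.Id
            Result     = $e.KeywordsDisplayNames -join ','   # Audit Failure / Audit Success
            User       = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            Object     = $d['ObjectName']
            AccessMask = $d['AccessMask']
        }
    }
} | Format-Table -AutoSize
```

Both settings are required for events to appear: the audit entry on the folder alone logs nothing until the server's audit policy is enabled.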

Conclusion

With auditing enabled, you can now record who is browsing the shares and who is being too curious.

Personally, I advise you to enable this feature on sensitive folders and to record only refusals, because the number of log entries can quickly become large and can also impact performance.

To better secure access to shares, I also recommend that you enable access-based enumeration.


