I am trying to explain how to audit object access. I am sure that someone must be looking for it. Follow the steps :
- Start by creating a directory and share to be accessible by the client. I chose to call this directory "Audit_Folder".
- Once the directory is created, it must now configure auditing on this directory. Indeed, we have only enabled the audit settings on the client.
- You must configure the directories to be audited. To do this, right click on the directory with you want to audit access, then do "Properties". In the "Security" tab, go to "Advanced".
- In the window that appears, click the "Audit" and then "Edit".
- In the window that appears, click "Add".
- You must now configure what permissions you want to audit success, failure. In my case, I decided to audit the creation of folders and files successfully, the Attribute Changes Failed files and deleting and renaming files and folders into success and failure.
- Once you click "Add", choose which group of Active Directory security audit.
- You can select "Authenticated Users" to all authenticated users or only a group corresponding to a service (Financial, CIO ...) or a user group that you created.
- Indeed, audit the removal and change of name can successfully find out who has deleted a file or folder to avoid being accused of striking its place important files in an enterprise.
- Audit the creation of directories and files which allows to know the evolution of a directory and increase disk space.. Audit change attributes stranded solves the problems of rights in the directories.
- Once your permissions set, confirm. You get a summary of your choice.
Bookmarks