Programming4us
         
 
 
Windows Server

Windwos Server 2008 : Recovering from a Server or System Failure (part 2) - Enabling Auditing for NTFS Folders

12/4/2010 3:40:33 PM
Enabling Auditing for NTFS Folders

Enabling auditing on an NTFS folder can be a helpful aid in troubleshooting access to server folders. Enabling auditing for NTFS folders is a two-part configuration involving either Group Policy or local computer policy audit settings, as well as configuring auditing on the folder itself. To enable auditing for a folder on a Windows Server 2008 R2 system, perform the following steps:

1.
Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2.
Click Start, click All Programs, click Administrative Tools, and select Local Security Policy.

3.
In the tree pane, double-click on Local Policies, and double-click on Audit Policy.

4.
In the tasks pane, double-click on Audit Object Access.

5.
When the Audit Object Access Properties window opens, check the Failure check box, and click OK, as shown in Figure 1.

Figure 1. Enabling failure audit for object access.


6.
Close the Local Security Policy window.

7.
Click Start and click on Computer.

8.
Browse to the drive and folder on which you will enable auditing; for this example, use the c:\HumanResources folder.

9.
Right-click the folder and select Properties.

10.
Select the Security tab and click the Advanced button near the bottom of the window.

11.
Select the Auditing tab and click the Edit button to enable audit changes.

12.
In this particular example, we want to log failed attempts to access the folder, so we will use the Everyone group and enable all failure audits. Click the Add button in the Advanced Security Settings window for the HumanResources folder.

13.
When the Select User, Computer, Service Account, or Group window opens, type in Everyone and click OK.

14.
In the Auditing Entry window for everyone, check the Failed check box next to Full Control, check the box at the bottom of the window to apply the Audit policy to all objects contained within the HumanResources folder, and click OK, as shown in Figure 2.

Figure 2. Configuring an audit entry for the HumanResources NTFS folder.


15.
In the Advanced Security Settings window, check the Replace All Existing Inheritable Auditing Entries check box, and click OK.

16.
Click OK again to close the Advanced Security Settings window, and then click OK one more time to close the property pages of the HumanResources folder.

When a user attempts to access the HumanResources folder and fails based on permissions, a failed audit entry will be logged on the server in the Security event log.
Other -----------------
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 2)
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 1)
- Windows Server 2008 Server Core : Understanding Internal and External Commands
- Windows Server 2008 : Working with NAP (part 8) - 802.1x Enforcement
- Windows Server 2008 : Working with NAP (part 7)
- Windows Server 2008 : Working with NAP (part 6)
- Windows Server 2008 : Working with NAP (part 5)
- Windows Server 2008 : Working with NAP (part 4) - Communication Process with VPN Client and NAP
- Windows Server 2008 : Working with NAP (part 3) - DHCP Enforcement
- Windows Server 2008 : Working with NAP (part 2)
- Windows Server 2008 : Working with NAP (part 1)
- Windows Server 2008 : Configuring Remote Access (part 6)
- Windows Server 2008 : Configuring Remote Access (part 5) - Virtual Private Networks
- Windows Server 2008 : Configuring Remote Access (part 4)
- Windows Server 2008 : Configuring Remote Access (part 3)
- Windows Server 2008 : Configuring Remote Access (part 2) - Network Policy Server and Network Access Protection
- Windows Server 2008 : Configuring Remote Access (part 1) - Routing and Remote Access Services
- Windows Server 2008 : Configuring Wireless Access
- Windows Server 2008: Configuring Routing
- Windows Firewall with Advanced Security in Windows Server 2008 (part 3)
 
 
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Most View
- jQuery 1.3 : Developing plugins - Method parameters
- Windows 7 : Managing Windows Firewall (part 2)
- Windows Server 2003 : Managing Security Configuration with Security Templates (part 2)
- Message Routing in Exchange 2010 (part 4) - Planning and Configuring Your SMTP Namespace
- SharePoint 2007 : Create an Alert on a List or a Library
- ASP.NET 4 in VB 2010 : Site Maps (part 2) - Binding an Ordinary Page to a Site Map, Binding a Master Page to a Site Map
- Windows Small Business Server 2011 : Deploying a Second Domain Controller
- Microsoft ASP.NET 3.5 : Writing HTTP Handlers (part 4) - Serving Images More Effectively
- SQL Server 2005 : Performing Database Backups
- BizTalk Server 2009 : Getting results from asynchronous invocations (part 1) - Building WCF services that support client callbacks