Programming4us
         
 
 
Windows Server

Windwos Server 2008 : Recovering from a Server or System Failure (part 2) - Enabling Auditing for NTFS Folders

12/4/2010 3:40:33 PM
Enabling Auditing for NTFS Folders

Enabling auditing on an NTFS folder can be a helpful aid in troubleshooting access to server folders. Enabling auditing for NTFS folders is a two-part configuration involving either Group Policy or local computer policy audit settings, as well as configuring auditing on the folder itself. To enable auditing for a folder on a Windows Server 2008 R2 system, perform the following steps:

1.
Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2.
Click Start, click All Programs, click Administrative Tools, and select Local Security Policy.

3.
In the tree pane, double-click on Local Policies, and double-click on Audit Policy.

4.
In the tasks pane, double-click on Audit Object Access.

5.
When the Audit Object Access Properties window opens, check the Failure check box, and click OK, as shown in Figure 1.

Figure 1. Enabling failure audit for object access.


6.
Close the Local Security Policy window.

7.
Click Start and click on Computer.

8.
Browse to the drive and folder on which you will enable auditing; for this example, use the c:\HumanResources folder.

9.
Right-click the folder and select Properties.

10.
Select the Security tab and click the Advanced button near the bottom of the window.

11.
Select the Auditing tab and click the Edit button to enable audit changes.

12.
In this particular example, we want to log failed attempts to access the folder, so we will use the Everyone group and enable all failure audits. Click the Add button in the Advanced Security Settings window for the HumanResources folder.

13.
When the Select User, Computer, Service Account, or Group window opens, type in Everyone and click OK.

14.
In the Auditing Entry window for everyone, check the Failed check box next to Full Control, check the box at the bottom of the window to apply the Audit policy to all objects contained within the HumanResources folder, and click OK, as shown in Figure 2.

Figure 2. Configuring an audit entry for the HumanResources NTFS folder.


15.
In the Advanced Security Settings window, check the Replace All Existing Inheritable Auditing Entries check box, and click OK.

16.
Click OK again to close the Advanced Security Settings window, and then click OK one more time to close the property pages of the HumanResources folder.

When a user attempts to access the HumanResources folder and fails based on permissions, a failed audit entry will be logged on the server in the Security event log.
Other -----------------
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 2)
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 1)
- Windows Server 2008 Server Core : Understanding Internal and External Commands
- Windows Server 2008 : Working with NAP (part 8) - 802.1x Enforcement
- Windows Server 2008 : Working with NAP (part 7)
- Windows Server 2008 : Working with NAP (part 6)
- Windows Server 2008 : Working with NAP (part 5)
- Windows Server 2008 : Working with NAP (part 4) - Communication Process with VPN Client and NAP
- Windows Server 2008 : Working with NAP (part 3) - DHCP Enforcement
- Windows Server 2008 : Working with NAP (part 2)
- Windows Server 2008 : Working with NAP (part 1)
- Windows Server 2008 : Configuring Remote Access (part 6)
- Windows Server 2008 : Configuring Remote Access (part 5) - Virtual Private Networks
- Windows Server 2008 : Configuring Remote Access (part 4)
- Windows Server 2008 : Configuring Remote Access (part 3)
- Windows Server 2008 : Configuring Remote Access (part 2) - Network Policy Server and Network Access Protection
- Windows Server 2008 : Configuring Remote Access (part 1) - Routing and Remote Access Services
- Windows Server 2008 : Configuring Wireless Access
- Windows Server 2008: Configuring Routing
- Windows Firewall with Advanced Security in Windows Server 2008 (part 3)
 
 
Most View
- SharePoint 2010 : Change the Versioning Settings for a List or Document Library
- SOA with .NET and Windows Azure : WCF Services - Overview
- Sharepoint 2010 : Content Management - Managing External Content Types
- Windows Vista - File Encryption : Workings of BitLocker Drive Encryption
- jQuery 1.3 : Headline rotator (part 2) - Retrieving the feed
- Manage Active Directory Domain Services Auditing : Disable the Global Audit Policy by Using the Command Line
- Microsoft Dynamic GP 2010 : Installing Integration Manager (part 2) - SQL Server maintenance jobs
- SharePoint 2010: Change the Look of a Site by Using Themes
- Examples of SharePoint Administrative Tasks (part 3) - Using Windows PowerShell During the Upgrade Process
- jQuery 1.3 : Headline rotator (part 6)
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS