Programming4us
         
 
 
Windows Server

Windwos Server 2008 : Recovering from a Server or System Failure (part 2) - Enabling Auditing for NTFS Folders

12/4/2010 3:40:33 PM
Enabling Auditing for NTFS Folders

Enabling auditing on an NTFS folder can be a helpful aid in troubleshooting access to server folders. Enabling auditing for NTFS folders is a two-part configuration involving either Group Policy or local computer policy audit settings, as well as configuring auditing on the folder itself. To enable auditing for a folder on a Windows Server 2008 R2 system, perform the following steps:

1.
Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2.
Click Start, click All Programs, click Administrative Tools, and select Local Security Policy.

3.
In the tree pane, double-click on Local Policies, and double-click on Audit Policy.

4.
In the tasks pane, double-click on Audit Object Access.

5.
When the Audit Object Access Properties window opens, check the Failure check box, and click OK, as shown in Figure 1.

Figure 1. Enabling failure audit for object access.


6.
Close the Local Security Policy window.

7.
Click Start and click on Computer.

8.
Browse to the drive and folder on which you will enable auditing; for this example, use the c:\HumanResources folder.

9.
Right-click the folder and select Properties.

10.
Select the Security tab and click the Advanced button near the bottom of the window.

11.
Select the Auditing tab and click the Edit button to enable audit changes.

12.
In this particular example, we want to log failed attempts to access the folder, so we will use the Everyone group and enable all failure audits. Click the Add button in the Advanced Security Settings window for the HumanResources folder.

13.
When the Select User, Computer, Service Account, or Group window opens, type in Everyone and click OK.

14.
In the Auditing Entry window for everyone, check the Failed check box next to Full Control, check the box at the bottom of the window to apply the Audit policy to all objects contained within the HumanResources folder, and click OK, as shown in Figure 2.

Figure 2. Configuring an audit entry for the HumanResources NTFS folder.


15.
In the Advanced Security Settings window, check the Replace All Existing Inheritable Auditing Entries check box, and click OK.

16.
Click OK again to close the Advanced Security Settings window, and then click OK one more time to close the property pages of the HumanResources folder.

When a user attempts to access the HumanResources folder and fails based on permissions, a failed audit entry will be logged on the server in the Security event log.
Other -----------------
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 2)
- Windows Server 2008 Server Core : Working with the Remote Desktop Connection Application (part 1)
- Windows Server 2008 Server Core : Understanding Internal and External Commands
- Windows Server 2008 : Working with NAP (part 8) - 802.1x Enforcement
- Windows Server 2008 : Working with NAP (part 7)
- Windows Server 2008 : Working with NAP (part 6)
- Windows Server 2008 : Working with NAP (part 5)
- Windows Server 2008 : Working with NAP (part 4) - Communication Process with VPN Client and NAP
- Windows Server 2008 : Working with NAP (part 3) - DHCP Enforcement
- Windows Server 2008 : Working with NAP (part 2)
- Windows Server 2008 : Working with NAP (part 1)
- Windows Server 2008 : Configuring Remote Access (part 6)
- Windows Server 2008 : Configuring Remote Access (part 5) - Virtual Private Networks
- Windows Server 2008 : Configuring Remote Access (part 4)
- Windows Server 2008 : Configuring Remote Access (part 3)
- Windows Server 2008 : Configuring Remote Access (part 2) - Network Policy Server and Network Access Protection
- Windows Server 2008 : Configuring Remote Access (part 1) - Routing and Remote Access Services
- Windows Server 2008 : Configuring Wireless Access
- Windows Server 2008: Configuring Routing
- Windows Firewall with Advanced Security in Windows Server 2008 (part 3)
 
 
Most View
- SQL Server 2012 : T-SQL Enhancements - The MERGE Statement (part 1)
- Overview of Process Management in Microsoft Visio 2010 (part 1)
- Navigating the Central Administration Home Page (part 3) - Central Administration Page Option
- Windows Phone 7 : Working with Attachments
- Optimizing an Exchange Server 2007 Environment : Analyzing Capacity and Performance
- Windows 7: Recovering from a Problem
- Exchange Server 2010 : Federation Scenarios (part 1) - Free/Busy Access
- Microsoft Exchange Server 2003: Configuring Recipient Objects (part 7) - Moving Mailboxes with the Exchange Task Wizard
- Windows Phone 7 : Using the Touch Screen (part 3) - Sprite Hit Testing - Rectangular Hit Tests
- SQL Server 2008 Scheduling and Notification : Managing Jobs
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS