I've read somewhere that file-access auditing can be enabled and subsequently reported using native OS tools, rather than third-party tools. Is this correct? Or is a third-party solution required to determine who accesses what and when on a Windows server?
The native OS has the ability to audit file objects and can report successful and failed attempts to access an object. It then places those reports into the system security event log.
This article explains how to use Group Policy to apply or modify auditing policy settings for an object.
Once you've set this up, locate a utility that can send you the specific security events that appear in the server you're auditing (or do some scripting if you know how). I suggest the EventSentry Light utility from Event Sentry. This freeware program runs without time limitations and allows you to specify the events to send your way.
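A scripted version of the setup and reporting described above, as an added example that is not part of the original answer. It assumes Windows Server 2008 or later (where file access is logged as Security event IDs 4663 and 4656), an elevated PowerShell session, and a hypothetical audited folder `D:\Shares\Finance`.

```powershell
# Added example. Assumptions: Windows Server 2008 or later, elevated session,
# and a hypothetical folder to audit.
$Path = 'D:\Shares\Finance'   # hypothetical path

# 1. Enable the "File System" audit subcategory on this server.
#    (Group Policy can apply the same setting to many servers.)
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an auditing entry (SACL) to the folder: log successful and failed
#    write/delete attempts by Everyone, inherited by subfolders and files.
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'Write, Delete, DeleteSubdirectoriesAndFiles',
    'ContainerInherit, ObjectInherit',
    'None',
    'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Report who touched what and when over the last 24 hours.
#    4663 = an object was accessed; 4656 = a handle was requested
#    (denied attempts appear here as Audit Failure).
$filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Flatten the named EventData fields into a hashtable.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Keep only events for objects under the audited folder.
    if ("$($d.ObjectName)".StartsWith($Path, [StringComparison]::OrdinalIgnoreCase)) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            EventId    = $e.Id
            Result     = $e.KeywordsDisplayNames -join ','
            User       = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
            Object     = $d.ObjectName
            Process    = $d.ProcessName
            AccessMask = $d.AccessMask
        }
    }
}
$report | Sort-Object Time | Export-Csv -Path .\file-access-report.csv -NoTypeInformation
```

Auditing Read access on a busy share generates a very large number of events, so scope the audited rights and folders narrowly and size the Security log accordingly.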