Can native OS tools enable file-access auditing?
I've read somewhere that file-access auditing can be enabled and subsequently
reported using native OS tools, rather than third-party tools. Is this correct? Or is a third-party
solution required to determine who accesses what and when on a Windows server?
The native OS has the ability to audit file objects and can report successful and failed
attempts to access an object. It then places those reports into the system security event log.
This article explains how to use
Group Policy to apply or modify auditing policy settings for an object.
Once you've set this up, locate a utility that can send you the specific security events that
appear in the server you're auditing (or do some scripting if you know how). I suggest the
EventSentry Light utility from Event
Sentry. This freeware program runs without time limitations and allows you to specify the
events to send your way.
This was first published in September 2007