Ask the Expert

Can native OS tools enable file-access auditing?

I've read somewhere that file-access auditing can be enabled and subsequently reported using native OS tools, rather than third-party tools. Is this correct? Or is a third-party solution required to determine who accesses what and when on a Windows server?

Requires Free Membership to View

The native OS has the ability to audit file objects and can report successful and failed attempts to access an object. It then places those reports into the system security event log.

This article explains how to use Group Policy to apply or modify auditing policy settings for an object.

Once you've set this up, locate a utility that can send you the specific security events that appear in the server you're auditing (or do some scripting if you know how). I suggest the EventSentry Light utility from Event Sentry. This freeware program runs without time limitations and allows you to specify the events to send your way.

This was first published in September 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: