Q

Can native OS tools enable file-access auditing?

Our systems management expert explains how to set up file-access auditing using native tools in Windows and where third-party tools fit into the file-access auditing process.

I've read somewhere that file-access auditing can be enabled and subsequently reported using native OS tools, rather than third-party tools. Is this correct? Or is a third-party solution required to determine who accesses what and when on a Windows server?
The native OS has the ability to audit file objects and can report successful and failed attempts to access an object. It then places those reports into the system security event log.

This article explains how to use Group Policy to apply or modify auditing policy settings for an object.

Once you've set this up, locate a utility that can send you the specific security events that appear in the server you're auditing (or do some scripting if you know how). I suggest the EventSentry Light utility from Event Sentry. This freeware program runs without time limitations and allows you to specify the events to send your way.

This was first published in September 2007

Dig deeper on Windows Server Monitoring and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close