File Server auditing lets the auditor to trace the secrets hidden beneath the walls of logs. This gives a precise and clear idea who had exactly accessed a file/folder, what changes s/he had made, when, and from where. In addition, the in-depth auditing lets the auditor create the long trails of any change and give an idea about its impact in the future. Not only they can prepare an action plan to revert the undesired changes but they also get equipped to notify and fight with the unauthorized access to the file server. In this post, we’ll discuss the benefits of auditing a file server and the ways to start it on a normal desktop and a Windows Server.
Benefits of File Server Auditing ...view middle of the document...
Such trails with desired documentation and search options can serve the purpose for forensic investigations.
Adherence to Compliances
Maintaining the long-term storage of File Server auditing logs will help an organization to comply with the regulatory compliances such as PCI DSS, HIPAA, SOX, etc. Adhering the compliances will help them to be on safe side during a surprise audit by any Government official and saves them from heavy penalties.
Enabling File Server Auditing
First, you’ve to turn on the auditing of different events on the computers upon which you want to perform the File Server Auditing. And then you’ve to turn on the specific auditing of the targeted files and folders.
Auditing of Windows PC
At a normal Windows PC, you can follow below steps to turn on the File Server Auditing.
1. Go to Start Menu > All Programs > Administrative Tools > Local Security Settings. This will display the following window.
Figure 1: Local Security Settings
2. Double click the Policy in the Right Hand Panel of above window and this will display the following window.
Figure 2: Audit Account Logon Event Properties
3. Check both “Success” and “Failure” items in the above dialog box.
4. Click “Apply” and “OK” button to turn on the auditing for account logon event.
5. Similarly you’ve to turn the auditing for other events in the Local Security Settings such as:
a. Audit account management
b. Audit directory service access
c. Audit logon events
d. Audit object access
e. Audit Policy change
f. Audit privilege use
g. Audit system events
Out of above events, the “Audit object access” is directly related to the File Server auditing whereas others will be add-ons to the auditing task.
Auditing on a Windows Server
At a Windows Server machine where a domain and Active Directory is already setup, you’ve to perform the following steps for turning on the File Server auditing...