Windows Server 2012 R2 File Share Auditing

Thus it is important to audit all user actions concerning files and folders access.

Windows server 2012 r2 file share auditing.

You can then configure global object access auditing so that all access to files marked as sensitive are automatically audited. Right click the file or folder and then click properties. File access auditing is not new to windows server 2012. This video covers the basics of auditing in windows server 2012 r2 including the security log using group policy to create audit policies and the auditpol.

With the right audit policy in place the windows and windows server operating systems generate an audit event each time a user accesses a file. Existing file access events 4656 4663 contain information about the attributes of the file that was accessed. Click the security tab at top. For example using file classification and dac you can configure a windows server 2012 r2 file server so that all files that contain the phrase code secret are marked as sensitive.

Enable file and folder auditing which can be done in two ways. This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. Locate the file or folder you want to audit in windows explorer. In this article the process of enabling files and folders auditing on windows server 2012 has been explained.

Open the property of a share you d like to audit and move to auditing tab and click add button. From the security tab click advanced at bottom right of window. Lets setup this audit policy on our windows server 2012 r2 server. The detailed file share setting logs an event every time a file or folder is accessed whereas the file share setting only records one event for any connection established between a client computer and file share.

On windows server 2012 auditing file and folder accesses consists of two parts. Click the auditing tab third tab from the left. Detailed file share audit events include detailed information about the permissions or other criteria used to grant or deny access. Input username or group name you d like to add auditing and click ok button.