Learn More Download Free Trial Pricing & Buy
You are here: Home  ›  How To  ›  How to enable auditing on a folder

How to enable auditing on a folder

This article explains how you can enable auditing on a windows folder. This is required if you plan to create auditing reports in Terminal Services Log.

Contents

[ hide ]

  1. 1 Configuring Group Policy
  2. 1.1 Configuring Group Policy for a domain WITHOUT Group Policy Management feature:
  3. 1.2 Configuring Group Policy for a domain WITH Group Policy Management feature:
  4. 2 After group policy configuration we are going to configure certain folders for auditing:
  5. 3 Configuring Terminal Services Log

By auditing files and folders access you can report that only permitted users are accessing certain files, and you have detailed report if user is accessing files that she/he is not allowed to open.

In last article we discussed what you need to enable auditing on your domain and audit logon events, in this post we are going to focus on enabling auditing on a particular folder.

First we are going to configure a Group Policy to audit files and folders.

Configuring Group Policy

There are two methods how you can apply group policy. Login to your Domain Controller and check if you have Group Policy Management in the Administrative Tools.

Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges
  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. On the View menu, click Advanced Features.
  4. Right-click Domain Controllers, and then click Properties.
  5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.
  6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  7. In the right pane, right-click Audit Object Access, and then click Properties.
  8. Click Define These Policy Settings, and then click to select Success
  9. Click OK.
  10. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:
    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.


Configuring Group Policy for a domain WITH Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges
  2. Click Start, point to Programs, point to Administrative Tools, and then click Group policy management
  3. Click Default Domain Policy, and then click Edit (in case you have special policy only for terminal servers select that policy)
  4. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  5. In the right pane, right-click Audit Object Access, and then click Properties.
  6. Click Define These Policy Settings, and then click to select Success
  7. Click OK.
  8. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:
    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.


After group policy configuration we are going to configure certain folders for auditing:

1) Login to you server and right click on folder you want to enable auditing for, click Properties

1-FolderProperties

2) Choose Security Tab and then click Advanced button

2-FolderSecurity

3) Click Auditing tab and then click Add

3-Advanced-Security

4) Enter all the users/groups whose operations you want to audit. If you want to audit all users in your domain type „Domain Users“

3a-Select-Users

5) Select the operations you want to track. We recommend that you select the minimal set of operations. Auditing is resource consuming operation so you should select just a few operations you want to track here. We recommend:

4-Auditing-Entry

6) If there is a folder structure below the current folder make sure you ticked „Replace auditing entries…“

5-Replace-Auditing-Entries


Configuring Terminal Services Log

You need to enable collection of audit log data in the File > Preferences and you are good to go. Terminal Services Log will start to collect audit information from the event log on regular basis. Click here to check sample audit reports.

This page is wiki editable click here to edit this page.
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Help us improve the documentation. Send Your Comments