Windows Server 2012 File Share Auditing

In any enterprise using file servers to store and share data auditing is important to ensure data security.

Windows server 2012 file share auditing.

Set up auditing on required files and folders for needed event types. Over the years security admins have repeatedly asked me how to audit file shares in windows. File access auditing is not new to windows server 2012. Auditing object access means determining who accessed what and when on.

This article will cover the process of. For example using file classification and dac you can configure a windows server 2012 r2 file server so that all files that contain the phrase code secret are marked as sensitive. Windows server citrix author. But in windows server 2008 and later there are two new subcategories for share related.

Right click the file and select properties on the tab security click on advanced button switch to the auditing tab and hit the edit button click add to choose users and groups for monitoring. On windows server 2012 auditing file and folder accesses consists of two parts. Open windows explorer and navigate to the file folder in question. Windows 7 windows 8 1 windows server 2008 r2 windows server 2012 r2 windows server 2012 windows 8 this topic for the it professional describes the advanced security audit policy setting audit detailed file share which allows you to audit attempts to access files and folders on a shared folder.

First we need to enable the object audit feature for the entire domain. Until windows server 2008 there were no specific events for file shares. With the right audit policy in place the windows and windows server operating systems generate an audit event each time a user accesses a file. The best we could do was to enable auditing of the registry key where shares are defined.

The following tasks were executed on a domain controller running windows 2012 r2 with active directory. Windows file auditing how to secure files on your servers. Sara tilly gaining insight into what s going on in your server environment is crucial especially when it comes to object access auditing and finer details like windows file auditing. Through group policy for domains sites and organizational units local security policy for single servers configure audit settings for file and folders.

In this article you will see how to track who accesses files on windows file servers in your organization using windows server s built in auditing. Enable file and folder auditing which can be done in two ways.