Windows Server 2012 R2 File Share Auditing

Click the auditing tab third tab from the left.

Windows server 2012 r2 file share auditing.

Click the security tab at top. This video covers the basics of auditing in windows server 2012 r2 including the security log using group policy to create audit policies and the auditpol. Locate the file or folder you want to audit in windows explorer. Right click the file or folder and then click properties.

Lets setup this audit policy on our windows server 2012 r2 server. Enable file and folder auditing which can be done in two ways. Navigate to the required file share folder right click it and select properties select security tab advanced button auditing tab click add button. Open the property of a share you d like to audit and move to auditing tab and click add button.

To enable file auditing on a file or folder in windows. With the right audit policy in place the windows and windows server operating systems generate an audit event each time a user accesses a file. This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. From the security tab click advanced at bottom right of window.

On this example shows to add domain users group. On windows server 2012 auditing file and folder accesses consists of two parts. Existing file access events 4656 4663 contain information about the attributes of the file that was accessed. The detailed file share setting logs an event every time a file or folder is accessed whereas the file share setting only records one event for any connection established between a client computer and file share.

Input username or group name you d like to add auditing and click ok button. Thus it is important to audit all user actions concerning files and folders access. File access auditing is not new to windows server 2012. You can then configure global object access auditing so that all access to files marked as sensitive are automatically audited.