Windows Server 2012 R2 File Share Auditing

With the right audit policy in place the windows and windows server operating systems generate an audit event each time a user accesses a file.

Windows server 2012 r2 file share auditing.

Enable file and folder auditing which can be done in two ways. Locate the file or folder you want to audit in windows explorer. Lets setup this audit policy on our windows server 2012 r2 server. On windows server 2012 auditing file and folder accesses consists of two parts.

Detailed file share audit events include detailed information about the permissions or other criteria used to grant or deny access. Right click the file or folder and then click properties. Click the auditing tab third tab from the left. On this example shows to add domain users group.

Click the security tab at top. Thus it is important to audit all user actions concerning files and folders access. Open the property of a share you d like to audit and move to auditing tab and click add button. You can then configure global object access auditing so that all access to files marked as sensitive are automatically audited.

Existing file access events 4656 4663 contain information about the attributes of the file that was accessed. Input username or group name you d like to add auditing and click ok button. This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. The detailed file share setting logs an event every time a file or folder is accessed whereas the file share setting only records one event for any connection established between a client computer and file share.

Navigate to the required file share folder right click it and select properties select security tab advanced button auditing tab click add button. File access auditing is not new to windows server 2012. From the security tab click advanced at bottom right of window. To enable file auditing on a file or folder in windows.