Windows Server 2012 R2 File Share Auditing

Existing file access events 4656 4663 contain information about the attributes of the file that was accessed.

Windows server 2012 r2 file share auditing.

Input username or group name you d like to add auditing and click ok button. For example using file classification and dac you can configure a windows server 2012 r2 file server so that all files that contain the phrase code secret are marked as sensitive. File access auditing is not new to windows server 2012. Navigate to the required file share folder right click it and select properties select security tab advanced button auditing tab click add button.

Lets setup this audit policy on our windows server 2012 r2 server. On windows server 2012 auditing file and folder accesses consists of two parts. Click the auditing tab third tab from the left. Open the property of a share you d like to audit and move to auditing tab and click add button.

This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. Right click the file or folder and then click properties. In this article the process of enabling files and folders auditing on windows server 2012 has been explained. Enable file and folder auditing which can be done in two ways.

From the security tab click advanced at bottom right of window. This video covers the basics of auditing in windows server 2012 r2 including the security log using group policy to create audit policies and the auditpol. The detailed file share setting logs an event every time a file or folder is accessed whereas the file share setting only records one event for any connection established between a client computer and file share. Detailed file share audit events include detailed information about the permissions or other criteria used to grant or deny access.

On this example shows to add domain users group. Thus it is important to audit all user actions concerning files and folders access. You can then configure global object access auditing so that all access to files marked as sensitive are automatically audited. Locate the file or folder you want to audit in windows explorer.