Configuring Audit Policies For File Server

Uploaded by

bams021
Configuring audit policies - Manual configuration
Audit policies must be configured to ensure that events are logged whenever any activity
occurs.

Manual configuration
1. Configure list of Windows file servers to be audited
1. Open Active Directory Users and Computers.
2. Right-click the domain and select New > Group.
3. In the New object - Group window that opens, type in “ADAuditPlusFS” as the Group
name, check Group scope: Domain Local and Group type: Security. Click OK.
4. Right-click the newly created group, then select Properties > Members > Add. Add all the
Windows file servers that you want to audit as a member of this group. Click OK.
5. Using domain admin credentials, log in to any computer that has the Group Policy
Management Console (GPMC) on it.
Note: The GPMC will not be installed on workstations and/or enabled on member servers by
default, so we recommend configuring audit policies on Windows domain controllers.
Otherwise follow the steps in this page to install GPMC on your desired member server or
workstation.
6. Go to Start > Windows Administrative Tools > Group Policy Management.
7. In the GPMC, right-click the domain in which you want to configure the Group Policy.
Select Create a GPO and Link it here. In the New GPO window that opens, type in
“ADAuditPlusFSPolicy” and click OK.
8. Select the ADAuditPlusFSPolicy GPO. Under Security Filtering, select Authenticated
Users. Click Remove. In the Group Policy Management window that opens, select OK.
9. Select the ADAuditPlusFSPolicy GPO. Under Security Filtering, click Add and choose the
security group ADAuditPlusFS created previously. Click OK.

2. Configure advanced audit policies


Advanced audit policies help administrators exercise granular control over which activities get
recorded in the logs, helping cut down on event noise. We recommend configuring advanced audit
policies on Windows Server 2008 and above.

1. To set this up, edit <ADAuditPlusFSPolicy> by right-clicking on the policy and
selecting Edit.
2. Navigate to Configuration > Windows Settings > Security Settings > Advanced Audit
Policy Configuration, and configure the following settings.
Category        Sub category                  Audit Events        Purpose
Object Access   Audit File System             Success, Failure    File share auditing
                Audit File Share              Success
                Audit Handle Manipulation     Success, Failure
Policy Change   Audit Policy Change           Success, Failure    File permission change auditing
                Authorization Policy Change   Success

3. Force advanced audit policies

When using advanced audit policies, ensure that they are forced over legacy audit policies.

1. Enable Force audit policy subcategory settings in <ADAuditPlusFSPolicy>.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local
Policies > Security Options > Audit: Force audit policy subcategory settings (Windows
Vista or later) to override the audit policy category settings.
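
To confirm that the GPO settings from steps 2 and 3 actually took effect on a file server, the following read-only check can be run there. It is an added example, not part of the original document or of ADAudit Plus. It assumes an elevated PowerShell session and an English-language OS, because auditpol prints localized subcategory names.

```powershell
# Run elevated on a file server that is a member of the ADAuditPlusFS group,
# after the ADAuditPlusFSPolicy GPO has applied (for example after gpupdate /force).

# Required events per subcategory, taken from the table in step 2.
# Keys are the English auditpol subcategory names (assumption: English OS).
$expected = [ordered]@{
    'File System'                 = 'Success', 'Failure'
    'File Share'                  = 'Success'
    'Handle Manipulation'         = 'Success', 'Failure'
    'Audit Policy Change'         = 'Success', 'Failure'
    'Authorization Policy Change' = 'Success'
}

# auditpol /r emits CSV with the columns: Machine Name, Policy Target,
# Subcategory, Subcategory GUID, Inclusion Setting, Exclusion Setting.
$effective = auditpol.exe /get /category:* /r |
    Where-Object { $_.Trim() } |      # drop blank lines before parsing
    ConvertFrom-Csv

$report = foreach ($name in $expected.Keys) {
    $row     = $effective | Where-Object { $_.Subcategory -eq $name }
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
    # "Success and Failure" satisfies both requirements; "No Auditing" satisfies none.
    $missing = $expected[$name] | Where-Object { $setting -notmatch $_ }
    [pscustomobject]@{
        Subcategory = $name
        Required    = $expected[$name] -join ', '
        Effective   = $setting
        Compliant   = -not $missing
    }
}

# Step 3: "Audit: Force audit policy subcategory settings" is stored as
# SCENoApplyLegacyAuditPolicy = 1 under the Lsa key.
$lsa    = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$forced = $lsa.SCENoApplyLegacyAuditPolicy -eq 1

$report | Format-Table -AutoSize
"Advanced audit policy forced over legacy policy: $forced"
```

A row with Compliant = False, or a forced value of False, usually means the GPO has not reached the server yet or the server is missing from the ADAuditPlusFS group used for security filtering.
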
4. Configure legacy audit policies

Due to the unavailability of advanced audit policies in Windows Server 2003 and earlier versions,
legacy audit policies need to be configured for these types of servers.

1. To set this up, edit <ADAuditPlusFSPolicy> by right-clicking on the policy and selecting
Edit.
2. Navigate to Configuration > Windows Settings > Security Settings > Audit Policy
Configuration, and configure the following settings.
Category        Audit Events        Purpose
Object Access   Success, Failure    File share auditing
                                    File integrity monitoring
                                    File permission change auditing
