blog




  • Essay / Ways to Enable File Server Auditing on Windows Machines

    File Server Auditing allows the auditor to trace the secrets hidden beneath the walls of logs. This gives a clear and precise idea of ​​who exactly accessed a file/folder, what changes they made, when and from where. Additionally, in-depth auditing allows the auditor to trace the long trail of any changes and provide an idea of ​​its impact in the future. Not only can they prepare an action plan to undo unwanted changes, but they are also equipped to notify and combat unauthorized access to the file server. In this article, we will discuss the benefits of auditing a file server and ways to start it on a normal desktop computer and on a Windows server. Benefits of File Server Auditing Bringing out secrets from file server logs clearly reveals user access and changes. they did this using files and folders. This will strengthen them to prove charges against a user for deleting an important file, accessing a cryptographic key file intended for account information, or modifying a document. Highlighting the intrusionThe auditor can cross-check access/modifications to file servers at different times and highlights unauthorized access. Such access may be carried out inside and outside the organization. Keeping an eye on system files also gives an idea about virus or malware attacks. Securing the System By obtaining information about unauthorized modification or malicious access to system files in time, administrators can take precautionary measures by backing up the file server. undesirable situations. Using PowerShell and CMDlets, they can generate the reports manually to highlight these unwanted changes and take preventive measures to avoid any kind of irreparable loss. file/folder.3. Go to the “Audit” tab and click the “Add” button. This will display the following dialog box to select a user, computer or group. Figure: “Select User, Computer, or Group” dialog box4. Enter the name of the users you want to monitor and click the “Check Names” button.5. Once you are finished, click the “OK” button. This will display the following dialog box.Figure: Audit Dialog Box6. Select all access attributes and their two values ​​“Pass” and “Fail”.7. Select “Apply these audit entries to objects and/or containers in this container only”.8. Click the “OK” button. Conclusion File server auditing helps a lot in identifying file accesses and allows the auditor to highlight intrusions, if any. Moreover, it is quite simple to follow the steps mentioned above to enable auditing on Windows machines.