Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

File Audit Strategy

Status
Not open for further replies.
adrianvasile

adrianvasile

Technical User
Apr 3, 2006
124
US
I was wondering if anyone has a good file audit strategy to use under Windows 2003 ( File server).
Basically, all I need to know is who is accessing what and when, and who gets a denied access to certain files and folders.
I tried setting up Microsoft File Auditing but I ended up with hundreds of irelevant records. What is scarry is that I get a Failure Audit for user that are not trying to access anything: for exaple it states that a user tried to access a folder when in reality that user didn't.
Maybe if anyone knows about a 3rd party software that can ease the process.
Thank you.
 
Sort by date Sort by votes
If you are looking to audit just a small group of folders, then you could leverage WMI. It is free and you can use a WMI script to watch the folder and take whatever action you want. This is called and Event Consumer Script.

The following book is not for the scripting newbie, but is has exactly what you need. (Note: there is an commission in the book- fix is below.)


To get the script to run, at the bottom of page 110 add the following line of code.

objfilter.EventNameSpace = "root\cimv2"

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Thank you. I was looking for something more like a 3rd party solution. To be honest, I don't think I have the time to learn and create the scripts that will monitor those folders. And I don't need the computer to perform any action based on an event entry - just plain auditing so that when I run a report it will show me what I need.
 
Upvote 0 Downvote
Just plain auditing" will give you what you have already experienced. A full security log with little useful information.

Using an event consumer script will use next to no system resources. You could write your data to a SQL database or a text file. Whichever makes your job easier.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
I looked up sample scripts for the Event Consumer but not too many results.
 
Upvote 0 Downvote
You won't likely find any. As I stated above, get the Ed Wilson book. You may even be able to get it at the public library if you don't want to buy it.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
420
microsGuy16
microsGuy16
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
203
RRankin355
RRankin355
JScannell
  • Locked
  • Question
File saving from browsers
Replies
1
Views
143
DrB0b
DrB0b
shmoes
  • Locked
  • Question
Delegating file admin permission
Replies
3
Views
156
SamBones
SamBones
Fabzionj
  • Locked
  • Question
Count record on Text files
Replies
0
Views
102
Fabzionj
Fabzionj

Part and Inventory Search

Sponsor

Back
Top