Windows Server 2012 R2 File Share Auditing

Click the auditing tab third tab from the left.

Windows server 2012 r2 file share auditing.

Thus it is important to audit all user actions concerning files and folders access. Locate the file or folder you want to audit in windows explorer. From the security tab click advanced at bottom right of window. Enable file and folder auditing which can be done in two ways.

On windows server 2012 auditing file and folder accesses consists of two parts. Detailed file share audit events include detailed information about the permissions or other criteria used to grant or deny access. Existing file access events 4656 4663 contain information about the attributes of the file that was accessed. Lets setup this audit policy on our windows server 2012 r2 server.

Input username or group name you d like to add auditing and click ok button. This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. File access auditing is not new to windows server 2012. This video covers the basics of auditing in windows server 2012 r2 including the security log using group policy to create audit policies and the auditpol.

You can then configure global object access auditing so that all access to files marked as sensitive are automatically audited. With the right audit policy in place the windows and windows server operating systems generate an audit event each time a user accesses a file. The detailed file share setting logs an event every time a file or folder is accessed whereas the file share setting only records one event for any connection established between a client computer and file share. Click the security tab at top.

On this example shows to add domain users group. Open the property of a share you d like to audit and move to auditing tab and click add button. In this article the process of enabling files and folders auditing on windows server 2012 has been explained. Navigate to the required file share folder right click it and select properties select security tab advanced button auditing tab click add button.