Wednesday, June 10, 2009

Security Auditing in Windows

Today I am going to show you how to audit access to shared folders over the network. For a network administrator, security is an important concern, so let's move on to the solution.

1. Go to Control Panel → Administrative Tools → Local Security Policy.

2. Expand Security Settings → Local Policies → Audit Policy.

3. Double-click Audit object access and check the Success check box. Click “OK”.

4. After doing this, share the desired folder and go to its Security tab. Click the Advanced button, go to the Auditing tab, click the Add button, enter Everyone as the object name, and click “OK”.

5. A selection box will now be displayed. Choose only the options that you need. If you want to see who deletes your files and folders, just check the Successful checkbox for Delete and for Delete Subfolders and Files. Click OK once you have made your selection, and then OK through all of the windows you have open.

6. To see who deleted files and folders in your shared folder, go to Control Panel → Administrative Tools → Event Viewer and open the Security log. The security event logs will tell you which user deleted which files.

7. Now when someone accesses your shared folder and deletes a file in it, you will have no problem knowing who did it.
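
The same procedure scripted in PowerShell, as an added example that is not part of the original post. It assumes Windows Vista / Server 2008 or later (for `auditpol` subcommands and event ID 4663), PowerShell 3.0 or later, an elevated session, English category names, and a placeholder folder path `D:\Shares\Projects`.

```powershell
# Run elevated on Windows Vista / Server 2008 or later, PowerShell 3.0+.
# Assumption: placeholder folder path, not taken from the original post.
$folder = 'D:\Shares\Projects'

# Step 3: enable success auditing for "Audit object access".
# The category name is localized; "Object Access" is the English name.
auditpol /set /category:"Object Access" /success:enable | Out-Null

# Steps 4-5: add an audit (SACL) entry for Everyone (well-known SID S-1-1-0)
# that records successful Delete and Delete Subfolders and Files operations.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rights   = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

$acl = Get-Acl -Path $folder -Audit   # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Step 6: list successful delete accesses recorded under the folder.
function Get-DeleteAudit {
    param([string]$Path, [int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
            # AccessMask is a hex string; bit 0x10000 is the DELETE access right.
            $mask = [Convert]::ToInt32($data['AccessMask'], 16)
            if ($data['ObjectName'] -and ($mask -band 0x10000) -and
                $data['ObjectName'].StartsWith($Path, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Time = $evt.TimeCreated
                    User = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    File = $data['ObjectName']
                }
            }
        }
}

Get-DeleteAudit -Path $folder | Format-Table -AutoSize
```

Limiting the audit entry to the two delete rights, as step 5 recommends, keeps the Security log volume and the overhead of auditing down.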

The only disadvantage of enabling auditing is that it takes a lot of CPU resources, so be prepared for this before implementing it.
