Audit (log) Access to Shared Folders

(Originally published on the Seven Forums)

Windows 7 Professional, Ultimate and Enterprise editions have a powerful built-in tool to control the working environment of user accounts and computer accounts. The tool is Group Policy Editor, gpedit. Later on I’m going to tell you more about gpedit, this time we look into how to start auditing (logging) access to your shared folders using Group Policy Editor.

Auditing access to your shared folders makes it possible to keep track of what’s happening; who visits the shared folders, when, doing what. It might not be needed on a “Me and my laptop” networks, although in my opinion it adds a bit to general security of your system and network. When needed, the information is there. Auditing logs are very small files, taking almost no space on hard disk. Auditing does not “eat” the resources of your computer, does not make it slower.

Audit access to shared folders:

  1. Open Group Policy Editor by typing gpedit.msc to Start menu’s search field or Run dialog window and hit Enter
  2. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies Audit Policy, double click to open Audit Object Access

    audit_1

  3. Check both options (Success and Failure) under Audit these objects, click OK

    audit_2

  4. Close Group Policy Editor
  5. Open the Properties of a shared folder you want to audit, choose Security tab, click Advanced

    audit_3

  6. Choose Audit tab, click Continue

    audit_4

  7. Click Add, click Locations to choose from which location you want to audit, write the computer name and name of a user or group you want to audit, for instance PC-3\Administrators or XPPro-upstairs\Kari. Click Check names to “spellcheck”, to check validity of your input

    audit_5

  8. Click OK to close Select User or Group dialog, click OK to close Advanced Security Settings, click OK to close Folder Properties

That’s it. To read audit log, open Event Viewer by typing Event Viewer to Start menu’s search field or Run dialog window and hit Enter. Go to Windows Logs > Security

audit_6

Any further questions, don’t hesitate to ask.

Kari

(Originally posted on the Seven Forums)

Clubhouse Tags: Clubhouse, How-to, Networking, Security
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: