What is auditing in Windows Server?

Native auditing

Enable auditing at the server level

• Start → Administrative tools → Local security policy snap-in.
• Expand Local policy → Audit policy.
• Go to Audit object access.
• Select Success/Failure (as needed).
• Confirm your selections, and click OK.

Enable auditing at the object level

• Navigate Windows Explorer to the file you want to monitor.
• Right-click on the target folder/file, and select Properties.
• Security → Advanced.
• Select the Auditing tab.
• Click Add.
• Select the Principal you want to give audit permissions to.
• In the Auditing Entry dialog box, select the types of access you want to audit.
• You have to select the options to audit successful and failed events separately.
• Click OK when you're done.

Auditing file and folder access with ADAudit Plus

Native tools require you to filter out file/folder access events from the clutter of logs in the Event Viewer or run Powershell scripts to do the same. Due to limited storage, the logs you require may also be rewritten. 

During an investigation or for compliance audits, getting a clear picture of who accessed a file/folder is cumbersome using native tools. ADAudit Plus lets you pull up complete access trails of any file/folder with a single click. Real-time reports to monitor all attempts to access files or folders in your file servers are provided. These reports can be archived and saved anywhere locally, so you don't need to worry about limitations in storage like with native tools. This way, logs from past events can be stored for as long as needed to be used for forensics and compliance.

Log in to ADAudit Plus, and  go to the File Audit tab. Under File Audit Reports, navigate to the File Read Access report.

The details you can obtain from this report are:

• Which file was accessed
• Who accessed the file
• When the file was accessed
• Which client machine was used to access the file
• The name of the server in which the file is located

You can also pull up the failed attempts to read, write, or delete a file. The reports contain the following details:

• The name of the file
• The name of the user whose request had failed
• The time at which the request was made
• The name of the server in which the file is located

You can configure these reports to be automatically generated and emailed to you at specified intervals. Instant alerts can also be sent to your email/phone when critical files/folders are accessed. These reports can be exported as a CSV, PDF, XLS, or HTML file.

With a record of all attempts made to access a file (including the failed ones), investigations in case of a data breach become much easier. You can track down all the users who accessed a file in order to rule out possible suspects. It can also help in identifying the client machine from which failed attempts were made, which can indicate a compromised system. 

Windows Server Auditing tool

ADAudit Plus with its complete audit reporting features enables an administrator to keep tab of the Windows File share access information of domain users. Securely track user activity, view user logon duration by viewing and scheduling reports. The reports are displayed as easy-to-understand, detailed graphical information. Choose from the many Windows Server reports and get Active Directory alerts in your inbox of the authorized / unauthorized events.

Benefit from the Powerful Audit Reports & Alerts

ADAudit Plus with its complete audit reporting features enables an administrator to keep tab of the access information of domain users.

Report Profiles
The administrator is presented with a host of preconfigured reports and all an administrator has to do is, select the report, to view the simple, yet detailed report information as simple graphs and structured data, emphasizing on every access logged. When in need of further 'filtered' reports, an administrator can also configure/create Report Profiles.

Alert Profiles via email
ADAudit Plus further unburdens the administrator's call of duty with another amicable solution, 'Alerts' by generating critical alarms based on certain events in the Report profile. Upon a change/unauthorized access being logged, an email notification is sent to the administrator(s), enabling him to take caution. Alert Profiles are preconfigured and vigilant upon installation, an administrator can also configure/create custom Alert Profiles that suits his requirement.

Scheduling of Reports

With the scheduling of reports, an administrator can schedule reports, choosing from a reporting frequency of hourly, daily weekly so on and receive periodically the reports to the listed recipients, with options to export the reports to desired formats XLS, CSV, PDF and HTML. These 4 common data storage/share formats aid with the ease of sharing change audit reports across the world.

With ManageEngine ADAudit Plus, For an Administrator, monitoring a Member Server will be a cakewalk.

Other ADAudit Plus Features

Active Directory Audit and Compliance

Auditing Active Directory changes helps organizations to be compliant with regulatory requirements. Learn how ADAudit Plus change audit software can help with data on security audits.

Audit User Management Actions

Keep tabs on what your users do. Study recent changes done by them. Maintain accountable / historical data of user and administrator actions.

Schedule Active Directory change reports

Schedule event log data extraction, view them as reports on the ADAudit Plus web interface, also configure them to be emailed to specified users at desired times.

Track User Logon Actions

Audit and monitor logon actions of users including logon hours, peak logon times and more. ADAudit Plus reports facilitate effective monitoring / tracking of user logon.

What is auditing a server?

How do I use Windows auditing?

What is auditing in computer systems?

How do I audit a Windows service?