locked
How to see users file access list of Shared folders and files on Server 2008 R2 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Is there a possibility to see the users accessing the shared folders and files, like which users had accessed and when, if any modification or deletion made, I am using Windows Server 2008 R2 as Domain controller.

     

    Any help will be appreciated.

     

    Thursday, October 18, 2012 2:09 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi,

    You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node. 

    File access, modicication and deletion can only be tracked, if the object access auditing is enabled you can see the entries in  event log.

    To view connections to shared resources, type net session at a command prompt or follow these steps: 
    1. In Computer Management, connect to the computer on which you created the shared resource. 
    2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers. 
     

    To enable folder permission auditing, you can follow the below steps:

    1. Click start and run "secpol.msc" without quotes.
    2. Open the Local Policies\Audit Policy
    3. Enable the Audit object access for "Success" and "Failure".
    4. Go to Auto Hidden files and folders, right click the folder and select properties.
    5. Go to Security Page and click Advanced.
    6. Click Auditing and Edit.
    7. Click add, type everyone in the Select User, Computer, or Group.
    8. Choose Apply onto: This folder, subfolders and files.
    9. Tick on the box “Change permissions” 
    10. Click OK.

    After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System.

    Similar Discussion:http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/E432FFCA-7DE1-42A6-9B6C-19E15175A764   

    More info:
    http://support.microsoft.com/kb/300549

    http://www.windowsitpro.com/article/permissions/auditing-folder-permission-changes

    http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-a-folder

    Manage Sessions and Open Files
    technet.microsoft.com/en-us/library/cc725689.aspx

    Track User and Computer Sessions on Windows Server 2008
    technet.microsoft.com/en-us/magazine/ff601862.aspx

    http://blogs.technet.com/b/askds/archive/2009/08/04/tracking-a-remote-file-deletion-back-to-the-source.aspx

    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!



    • Edited by iamrafic Thursday, October 18, 2012 3:02 PM links added
    • Proposed as answer by Jonny Moura Thursday, October 18, 2012 7:53 PM
    • Marked as answer by Santosh Bhandarkar Monday, October 29, 2012 1:46 AM
    Thursday, October 18, 2012 2:59 PM