Auditing file share on windows 2008 R2

I think I may need a little handholding here. I have been working with our new Windows 2008 R2 file server. I am having a problem doing some simple file level auditing.
I turned on Audit Object Access in the local policy. The GPO that applies to this server does not have it set and I only really need it enabled on this server. I have it auditing Success and Failure.
After I did that I got deluged with Event ID: 5145. I went to each folder and made sure that I had auditing turned off for each folder and file. I did that to see if it would quiet down the logs a little. It did not. I am currently getting about 1500 events of 5145 every second. They all say “A network share object was checked to see whether client can be granted desired access”.
Most of the details look like this:
- System
  - Provider
      [ Name]  Microsoft-Windows-Security-Auditing
      [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID 5145
    Version 0
    Level 0
    Task 12811
    Opcode 0
    Keywords 0x8020000000000000
  - TimeCreated
      [ SystemTime]  2009-10-21T17:27:06.988998000Z
    EventRecordID 4035441
    Correlation
  - Execution
      [ ProcessID]  528
      [ ThreadID]  544
    Channel Security
    Computer XXXXX-File.XXXXX.com
    Security
- EventData
    SubjectUserSid S-1-5-21-619530815-2141852887-1629300891-2071
    SubjectUserName SteveW
    SubjectDomainName XXXXXXXXXX
    SubjectLogonId 0x223b087c
    ObjectType File
    IpAddress 10.2.50.88
    IpPort 1087
    ShareName \\*\users
    ShareLocalPath \??\E:\shares\users
    RelativeTargetName \
    AccessMask 0x1
    AccessList %%4416
    AccessReason %%4416: %%1801 D:(A;OICI;FA;;;WD)
All I am trying to keep track of at this point is logon and logoff events AND files and folders being deleted.
If I have put this into the wrong folder please let me know.

Hi all,
I enabled File System Audit and NTFS audit only "Delete subfolders and files".
auditpol /get /category:"Object Access"
System audit policy
Category/Subcategory                      Setting
Object Access
  File System                             Success and Failure
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              No Auditing
  Detailed File Share                     No Auditing
I try to delete files but don't see any 4463 event.

Similar Messages

  • Firewall for Windows File Share for Windows 2008

    Hi All,
    Recently we upgraded one of our application file server from Windows 2000 to Windows 2008. We use this server for file sharing. We used to read files and write files to this server. Post upgrade one week everything went fine all of a sudden we started seeing issues like the application servers stopped communicating to this server.
    We worked with our firewall team and enabled port 445 post this the application servers started communicating to the file server. Our Application servers are on Windows 2003 server.
    Can someone please help me understand what is the port that needs to be enabled for accessing the file shares. My firewall team confirmed there were no firewalls rules between the Application server and File server. 

    Hi,
    Based on my research, firewall ports required for SMB file sharing are port 445 and 139.
    More information for you:
    SMB: File and printer sharing ports should be open
    https://technet.microsoft.com/en-us/library/ff633412(v=ws.10).aspx
    Best Regards,
    Amy

  • Unable to Establishing an anonymously accessible file share on Windows 2008 R2 (SP1)

    So far I tried all this to no avail, server keeps prompting me for username/password when I try to access such share from non-domain Windows computer:
    This is what I tried:
    1.  Enable the guest account
    2.  Add the everyone group to both the share and the security permissions.
    3.  Open the Local Security Policy
    4.  Network Access:  Let Everyone permissions apply to anonymous users = Enabled
    5.  Network Access:  Named Pipes that can be accessed anonymously = (add) sharename
    6.  Network Access:  Restrict anonymous access to Named Pipes and Shares = Disabled
    7.  Network Access:  Shares that can be accessed anonymously = (add) sharename
    Am I missing something here?
    Thanks
    Guy

    Hi,
    This is because it will use the current logged on account to authenticate the access - as the same account exists in target computer, if password is different then you will fail to access the folder. 

  • Why won't Lion file share with windows 7?

    Why won't Lion file share with windows 7? Is there going to be a fix?

    Verysafety shareing file...

  • Mount NAS Share in Windows 2008 R2 using CIFS

    Hi All,
    We have a requirement to setup NAS file share mounted to Windows 2008 R2 server using CIFS. This share needs to be visible for all users who logged in to the server and should be a permanent share. I have gone through the below link on the steps to connect NAS share using Windows NFS client.
    http://randypaulo.wordpress.com/2012/06/29/nfs-how-to-connect-to-nfs-using-windows-server-2008-r2-without-using-user-mapping-server/
    As per the above link we will need to mount the NAS share using a Unix User ID and Group ID. But in our environment it's not possible and we have to use Windows Active directory user account and group name. Due to this reason why we want the CIFS to be placed.
    So if anyone has got different opinions please share with us. Also please let us know if anyone has got any idea how to do this setup.
    Your help will be highly appreciated.
    Regards,
    Kiran Francis

    Hi,
    Do you mean that the NFS share is stored on a Windows-Based computer and you want Authenticated users access the NFS share?
    Please refer to the article below to use command line to mount NFS share:
    Mounting an NFS shared resource to a drive letter
    http://technet.microsoft.com/en-us/library/cc754350.aspx
    Regards,
    Mandy

  • How-to hide the portal file shares on Windows

    Hi,
    Does anybody know how to hide the default file shares created by SAP NW 04 in windows?
    In other words: what I'm trying to accomplish is renaming the sapmnt share and saploc share (both on the E:\usr\sap\ folder) to sapmnt$ and saploc$.
    I know how to do the Windows part, but where and how do I configure the SAP Web AS part?
    Regards,
    Steven Dijkman

    Hi guys,
    Thanks for all the feedback.  However, this still does not fully work.
    I tried hiding the folder but it in fact only hides the folder, not the share itself. I'm trying to do the opposite, hiding the share (making it an administrative one) whilst not hiding the folder. With the folder hidden, the startup framework (NW 04 EP6 SP12) does not work.
    By the way: checking / tightening access is not an option: security architects dictate what needs to happen here and unless I have VERY good reasons I should comply to what they say: change saploc to saploc$ and change sapmnt to sapmnt$.
    If anybody has anymore thoughts, I'd be very interested.
    Cheers,
    Steven Dijkman

  • Sapjup cannot find correct shares on Windows 2008 R2 cluster

    Hello Guru's,
    I have successfully installed CRM 5 Abap+Java on Windows 2008 R2 based hardware. This is a HA setup.
    I am now in the process of upgrading to CRM 7.01. Unfortunately, the java upgrade program SAPjup runs into an error (share Host_A\sapmnt does not exist) I cannot solve up to now.
    This is my setup:
    I have two application servers: Host_A and Host_B. Both servers form a Microsoft Failover Cluster. The shared disk for the abap and java central services is the F:\ drive, the cluster name is Cluster_X.
    The Central Instance is installed on the local disk G:\ of Host_A; The Dialog instance on local disk G:\ of Host_B.
    As instructed in the manual, I have moved the SAP cluster to Host_A and started the upgrade process on G:\ drive of the same host.
    During the phase PREPARE/INIT/INPUT_SAPSERVICESID_PWD_HA, the SAPjup program is trying to map the Host_A\sapmnt share to a drive letter ('net use' command). This step results in an error.
    I can explain this error since the proper share in my opinion should be Cluster_X\sapmnt instead of Host_A\sapmnt.
    In Windows 2003 this was not a problem, because Cluster_X\sapmnt and Host_A\sapmnt can both be accessed and refer to the same disk location when the cluster group is active on Host_A. However, in Windows 2008 R2 this is not the case anymore and Host_A\sapmnt is not a valid share.
    Has any one of you run into this same problem or have suggestions how to solve?
    Rob Veenman
    SAP Technology.

    I owe you an answer for the issue we had.
    I opened a message with SAP, and got acknowledgement that this is indeed a bug in SAPJup. SAP is working on a solution.
    The workaround (which was successful) was as follows:
    1. I moved the SAP Cluster group to Host_B (the DI host).
    2. I created g:\sapmnt on Host_A and copied content from the shared drive Cluster_X\sapmnt to this local drive.
    3. I shared directory g:\sapmnt with share name sapmnt on Host_A and gave SAP_<SID>_GlobalAdmin Read/write access.
    Now SAPJup can continue. At the next interrupt, you can remove the local directory g:\sapmnt and move the cluster disk back to Host_A.
    I will give an update and close this thread as soon as I get a definitive solution from SAP AG for this issue.
    Rob Veenman
    SAP Technical Consultant.

  • Accessing Mac File Share from Windows Server 2003

    I currently have a windows domain that has a few Mac OS x leopard servers on it. I can map a drive to the Mac share using windows XP and Windows Vista, but I cannot map the drive in Windows Server 2003. I have enabled the Windows Sharing on the Mac server, and enabled the Mac File Sharing on the Windows server, but the windows server does not find the Mac server. I can ping the Mac server by FQDN and IP, but when I go to map a drive to it I get the error:
    The mapped network drive could not be created because the following error has occurred: An unexpected network error occurred.
    I have also checked the Local Security Policies, and did not find anything that would cause the issue. Any ideas anyone?

    Does anyone else have any ideas? I checked again today and receive "The specified network name is no longer available" and after a few more attempts "An unexpected network error occurred"

  • Downloading files on a Windows 2008 R2 server using IE 9

    Hi.
    Trying to download some files from Microsoft download center, but receiving the following message: "Your current security settings do not allow this file to be downloaded"
    Have tried the following in IE 9:
    Turned off Protected mode.
    The page is added to Trusted site.
    Trusted site is configured as follows:
        Downloads is Enabled
        Font download is Enabled
    Under Miscellaneous has the following settings:
        Allow META REFRESH, Enabled
        Allow webpages to use restricted protocols for active content, Prompt
        Allow webpages to open windows without address or status bar, Enabled
        Launching applications and unsafe files, Prompt
        Launching programs and files in an IFRAME, Prompt
    Still not possible to download a security patch from Microsoft download center.
    Looking forward to a solution.
    Thank you in advance.
    Kind regards
    DagN

    Hi,
    Please check the following blog to see whether you can resolve the issue.
    http://jaredheinrichs.com/your-current-security-settings-do-not-allow-this-file-to-be-downloaded.html
    Best Regards,
    Vincent Hu

  • Audit logs on Windows 2008 works different when file is modified from UNC path

    Hello All,
    Here I have a strange situation with the generation of audit logs when folders\files are changed locally (my computer) on the server vs. from the UNC path (\\servername\drive$\folder\....).
    File Server : Windows 2008 R2.
    Auditing enabled and SACL set on the folder level.
    Enabled advanced auditing for Audit Object Access and enabled the force sub category audit settings on Vista \ Windows 2008 policy via GPO and also verified that the sub category is set.
    Also set SACL on one folder on the R drive (\\servername\r$\<folder>\<audited folder>).
    auditpol /get /category:"Object Access"
    Object Access : File System                             Success and Failure
    Situation : 1
    When I make any manipulations (traversing \ listing \ adding or deleting folder or files) on the server locally from my computer --> r drive --> folder --> audited folder, I get the event ID generated (4663) with all the correct information.
    For ex: created a new txt file.
    Object: Object Server: Security, Object Type: File, Object Name: R:\Audits1\folder1\New Text Document.txt, Handle ID: 0xcb4
    Process Information: Process ID: 0x1bac , Process Name: C:\Windows\explorer.exe
    Access Request Information: Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) , Access Mask: 0x6
    Situation : 2
    When I make the same manipulations (traversing \ listing \ adding or deleting folder or files) on the server or remotely via the UNC path \\servername\r$\folder\audited folder or DFS share or \\servername\<sharename>, I don't get the event ID generated (4663) with the needed information.
    For ex: created a new txt file.
    Object: Object Server: Security, Object Type: File, Object Name: R:\Audits1\folder1\New Rich Text Document (3).rtf, Handle ID: 0xa3c
    Process Information: Process ID: 0x4, Process Name:
    Access Request Information: Accesses: WriteData(or addfile), Access Mask: 0x100
    In the second situation process name is empty (for the file events) and also found that the logs generated are very less compared to the first situation.
    Please suggest if there is any fix with this.
    Thanks,

    Enable the following auditing on the server either through domain
    policy or local policy:
    Audit logon events - Success
    Audit Object Access  - Success
    On the Auditing tab, add Everyone with the following audit settings.

  • Detailed File Share Auditing not working properly (Applying to All Files)

    System is Windows 2008 R2, member server. The Default Domain policy has Audit account logon events, Audit account management, & Audit privilege use turned on for Success, Failure...pretty standard. I want to enable Detailed File Share Auditing for a specific file share on this member server.
    The problem is that I am getting audit events in the Security log for folders that do not have Auditing set on them, namely a "My Documents" share for Folder Redirection and \\*\IPC$. The root of the drive has nothing set for auditing. Again I only set it on a single folder and sub-folders under that. What am I missing here?
    I run the command on the member server to set this up (auditpol /set /subcategory:"Detailed File Share" /success:enable /failure:enable) That works fine.
    Result of auditpol /get /category:"Object Access" :
    System audit policy
    Category/Subcategory                      Setting
    Object Access
      File System                             No Auditing
      Registry                                No Auditing
      Kernel Object                           No Auditing
      SAM                                     No Auditing
      Certification Services                  No Auditing
      Application Generated                   No Auditing
      Handle Manipulation                     No Auditing
      File Share                              No Auditing
      Filtering Platform Packet Drop          No Auditing
      Filtering Platform Connection           No Auditing
      Other Object Access Events              No Auditing
      Detailed File Share                     Success and Failure
    Now I went to the file share to set the audit permissions. Security>>Advanced>>Auditing>>Continue. Set Everyone Full Control for Success and Failure (all boxes checked).
    I am using NTFS permissions for security, the share level permission on the folder are Everyone Full.
    Michael Maxwell

    I think I found the reason. Could someone please clarify this statement for me?
    Since there are no SACLs for shares, once this setting is enabled, access to all shares on the system will be audited.
    So what is the workaround for this? Is there one? I'm confused as usual.
    Michael Maxwell
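
Added example, not part of any post above: one way to audit only deletions on a share folder without the 5145 flood described in the original question and in the Detailed File Share thread. It assumes an elevated Windows PowerShell session on the file server, uses the `E:\shares\users` path from the 5145 event as the audited folder, and reads the 2000 most recent 4663 events (an arbitrary window).

```powershell
# Added example: the path and the event window are assumptions, adjust them.
$SharePath = 'E:\shares\users'   # ShareLocalPath from the 5145 event in the question

# 1. The share subcategories have no SACL, so once enabled they log every
#    access check on every share (5140/5145). Turn them off.
auditpol /set /subcategory:"File Share"          /success:disable /failure:disable
auditpol /set /subcategory:"Detailed File Share" /success:disable /failure:disable

# 2. Keep only what the question asks for: logon/logoff and file system access.
#    Set the legacy "Audit object access" category back to Not Defined, or enable
#    "Audit: Force audit policy subcategory settings ...", so a policy refresh
#    does not switch every Object Access subcategory back on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Logon"       /success:enable /failure:enable
auditpol /set /subcategory:"Logoff"      /success:enable

# 3. File System auditing only logs objects that carry a SACL. Add one audit
#    rule for delete rights, inherited by all subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'Everyone',
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)
$acl = Get-Acl -Path $SharePath -Audit      # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 4. Report the 4663 events whose AccessMask contains the DELETE bit.
#    Masks can combine several rights (the thread above shows 0x6), so test
#    the bit instead of comparing the whole value.
$DELETE = 0x10000
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 2000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if ($mask -band $DELETE) {
            New-Object PSObject -Property @{
                Time    = $evt.TimeCreated
                User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object  = $data['ObjectName']
                Process = $data['ProcessName']   # may be empty for access over SMB
                Mask    = $data['AccessMask']
            }
        }
    } |
    Select-Object Time, User, Object, Process, Mask |
    Format-Table -AutoSize
```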

  • PS CS5 Write Access Error saving to a windows 2008 server share

    Hi Everyone,
    Our macs are running Snow Leopard 10.6.7 and we save/open files on a Windows 2008 Server via SMB,
    this particular problem, seems to be happening only with Photoshop:
    Sometime, when we try to save an image, photoshop returns a write access error
    at that time, if you go to the finder and take a look at the folder, the file had simply vanished.
    If you close the image, all lost.
    Everything is fine with Indesign and illustrator.
    Any help would be much appreciated!!
    Thank you all very much in advance.
    William

    Thanks for the reply Chris,
    I am trying to look for a solution on the Mac OS side, this problem happens from time to time.
    People keep trying to use Active Directory and log macs on it, it's always a problem.
    And to make things worse, apple changes the way Mac OS handles network tasks,
    they did it with 10.5 and 10.6. Well, we have to deal with that, right?
    Thanks again
    All the best
    William

  • Proper way to make bulk changes the Owner ID, Path and file share credentials for my existing subscriptions, ExtensionSettings

    We are going through with an upgrade/migration to SSRS 2012 and moving everything to a different domain. We have about 200 active subscriptions running, the reports are being delivered to a file share.  What is the correct way, in bulk, to change the OwnerId, the Path and the FileShare Username password credentials for these subscriptions?  I see these values are being stored in Subscriptions > ExtensionSettings.  I see that the file share path and Owner wouldn't be a problem to change, but since I see the file share credentials are encrypted I would not be able to change them directly in ExtensionSettings.  Anyone know the proper way to change the Owner ID, Path and file share credentials for my existing subscriptions without having to change each one of them manually in the report manager?
    Note: Reporting Services Native upgrade from SSRS 2005 to SSRS 2012.
    Thanks in advance.

    Hi Cygnus46,
    Based on my understanding, you want to change the Owner ID, Path and file share credentials for all existing subscriptions.
    In Reporting Services, the subscription information is stored in the Report Server database. In your scenario, you can go to report server database and run the query to list all the subscriptions, then modify the owner and fileshare paths in the subscriptions table. For more information, please refer to this article: Tip: Change the Owner of SQL Reporting Services Subscription. If you want to change the file share credentials for subscriptions, you can run the query provided by wiperzeus from this similar thread: Windows File Share Delivery/ SSRS 2008 R2.
    If you have any question, please feel free to ask.
    Best regards,
    Qiuyun Yu
    TechNet Community Support

  • How can I map a drive to Azure file shares without user intervention or having a user logged on?

    I have the file share created, and can manually map the drive. I have even created a batch file that will create the drive mapping.  One step further, I used the following regedit to create the mapped drive:
    Regedit:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    add new string value:
    value name:  MapS
    value data:  c:\azurefileshare.bat
    I have a scheduled task running a batch file running the net use command, and the drive is available, and I can create/delete files, so access is not an issue.
    All works fine if I log onto the server, however, what I am trying to accomplish, is to have that drive mapped upon reboot without having a user log on.   Checking the log file running the net use command when no one is logged on, I get the following:
    Status       Local     Remote                    Network
    Unavailable  S:        path of file share
    Microsoft Windows Network
    The command completed successfully.
    New connections will be remembered.
    Is there a way to accomplish this?  Thanks in advance.

    Hello wdick,
    Thank you for your response and getting back on this issue. I am sorry that the blog that I referred to was not available. I pretty much thought that you must be referring to the ‘File Services’ which is in preview yet. I recently had another user with a similar question but currently, the users can access the files using only 'Interactive logon'. You can refer to this link:
     http://social.msdn.microsoft.com/Forums/en-US/1f1fa9b5-a81d-4067-9d90-2c7c47667732/azure-file-services-authentication-without-prompt-passthrough?forum=windowsazuredata 
    Thanks.
    Syed Irfan Hussain

  • Oracle 11g ODAC 11.1.0.6.21 on Windows 2008 Standard server gives TNS error

    Hi,
    I have Oracle 11g ODAC 11.1.0.6.21 installed on my Application server that has 32 bit Windows 2008 Standard. The Oracle database 10g is installed on another 2008 server. On database server I can connect using SQLPlus. But on application server I cannot connect using ODAC SQLPlus. I have given correct service name in tnsnames.ora file.
    Error is ORA-12154 TNS: Listener cannot resolve service name
    What's wrong? Is 11.1.0.6.21 not meant for Windows 2008? I did not get any errors while installing.
    This 11.1.0.6.21 works perfectly for me on XP machine.
    I have browsed this forum but not getting clear steps to perform.
    Can someone guide me what is needed?
    Thanks
    Shrini

    Hi,
    The request to connect from the client is reaching the server but it seems the parsing of the service name is either wrong or the information is correct. Here are a couple of suggestions.
    If you have a good known set of sqlnet.ora and tnsnames.ora files on another client where the same connection descriptor works, then backup the current client network config files and copy the good known files to the Windows 2008 web server where you see the error. Make sure you recycle the worker processes once the files have been copied.
    Try to connect via Ezconnect and bypass the config files to see if you get the same error.
    //hostname:port/servicenameofdb
    where hostname is the machine where the target database is running
    port is the port on the DB machine where the tns listener is running and listening
    service name is the service name of the target DB
    Use this syntax in the connect string box when attempting to connect from SQL PLUS out of the ODAC home.
    You can also run lsnrctl utility on the server and verify there is a handler for the service name or instance that is the target.
    HTH
    Jenny B.
