Windows server 2008r2 files and folder auditing.

Hi ,I want to Monitor files and folder with auditing in 2008r2 like write,read,delete etc..
Can you please help me on that.
Thanks in advance for your support.
Thanks,
Bhautik Shah

Hello,
this must be enabled on the folder you like to monitor. Steps in the following thread from the same question are still valid:
Enabling file auditing is a 2-step process.
[1] Configure "audit object access" in AD Group Policy or on the server's local GPO. This setting is located under Computer Configuration-->Windows Settings-->Security Settings-->Local Policies-->Audit Policies. Enable success/failure auditing
for "Audit object access."
[2] Configure an audit entry on the specific folder(s) that you wish to audit. Right-click on the folder-->Properties-->Advanced. From the Auditing tab, click Add, then enter the users/groups whom you wish to audit and what actions you wish to audit
- auditing Full Control will create an audit entry every time anyone opens/changes/closes/deletes a file, or you can just audit for Delete operations.
After you've done both of these steps, any file deletions will show up in the Security log of the file server that hosts those files.
HTH
http://technet.microsoft.com/en-us/library/dd772690%28WS.10%29.aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:  

Similar Messages

  • Sql server data file and log file

    hello experts
    what is the best way to save data file and log file in a two node cluster environment. i have an active\passive cluster with windows server 2008r2 enterprise and sql server 2008r2. i am new to the environment and i noticed that all system and user databases
    including their data and log files are stored in one drive, just curious, what is the best practise in such kinds of scenario, thank you as always for your help.

    Make sure  you have valid/tested  backup strategy for both system and user databases.
    Best Regards,Uri Dimant SQL Server MVP,
    http://sqlblog.com/blogs/uri_dimant/
    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Consulting:
    Large scale of database and data cleansing
    Remote DBA Services:
    Improves MS SQL Database Performance
    SQL Server Integration Services:
    Business Intelligence

  • Windows Server 2008r2 - Users somtimes can't see new files in folders unless a new file is created.

    Hello Folks!
    My users sometimes have a problem that user A sometimes can't see a file created or copied by user B to a directory within a share they can both access. Both are within the same group which grants them Full Access on the share, settings for permissions are
    correctly set to be applied on directories, subdirectories and files.. Confusingly, this can be fixed when user A creates some kind of file (empty .txt, for example); the "missing" files will suddenly appear.
    Windows Server 2008r2, DC
    Windows File Server 2008r2, shares and files are located here.
    ABENUM activated, needed for several folders.
    The Domain-Admin Account is able to see all the files all the time.
    Anybody got an idea what I could check?
    Thank you very much!
    Kind regards,
    Boris

    Hi,
    When you use user A access the shared folder, did you do the refresh to check the result?
    If the issue persists, please try to install this hotfix:
    http://support.microsoft.com/kb/2769790/en-us
    Regards.
    Vivian Wang

  • Windows Server 2008R2 profile unload impossible due to Temp "Z@.." files

    Hi,
    We are supporting many environments for different customers.
    Unfortunately they all share the same issue, which is caused by the combination of Windows Server 2008R2 and Adobe Reader 11.
    The files are located in "C:\Users\Some-User\AppData\Local\Temp\2\acrord32_sbx\[email protected]"
    There are many folders, for one user sometimes up to 20 folders (user.domain.001, user.domain.002 etc), collecting up to wazoo.
    Removing hotfixes do not solve the issue, neither does the two provided acroct.ini files (to be placed in \windows\ folder).
    All Servers are up2date on Windows update, conform a Patch Policy we maintain.
    We have tried removing Windows updates, ofcourse with a deny on the patch policy so that it doesnt return, but the issue stays occurring.
    I'd prefer to have this issue resolved by installing a patch - Instead of removal of patches.
    As I am searching for a way to directly contact Adobe Support, I could only opt-in on this forum to get support afaik.
    If needed, I can put down more information ofcourse.
    Server info:
    Hypervisor: VMware 5.1
    OS:     Windows Server 2008 R2 SP1 (used as Terminal Server, one of 5 servers total)
    RAM:     12GB Memory
    Adobe Reader version:     Adobe Reader XI (11.0.06)
    Anyone who can help out get professional support, please don't hesitate to respond.
    Regards, Michael

    I have read many many articles for this issue.
    Outcome is, like from this Blog, Adobe has to re-code Reader.
    We have tried alot of ways to get this fixed, but neither uninstalling MS Patches, nor the AcroCT.ini files (yes both) are a fix for us.
    If Adobe Reader needs to use temporary fonts for printing the PDF files, they have to Force unload and clean up the temporary fonts/files. (Font Installation and Deletion (Windows))
    Since MS14-045: Description of the security update for kernel-mode drivers: August 27, 2014 there is a new behavior for Font and Font Resource installation/deletion.
    Since Adobe Reader has NO support channel, NO way of contacting other than the forums:
    How on earth could we get this to be fixed in a new release???
    Should this message be posted on all threads for this annoying issue?
    We are facing this problem with over 10 customers on over 600 Remote Desktop Servers - No way I am going to remove patch #1 from August 2014, which is being re-deployed in a newer fix every month..
    The root cause is the programming in Adobe, which had been conform Microsoft's wishes, but this behavior change in removal has to be remarked to Adobe...
    Regards and awaiting a way into the developers part on Adobe Reader.
    Michael

  • MS OUTLOOK PROMPT USERNAME AND PASSWORD REPEATLY WHEN WE LOGIN WINDOWS 8.1 WITH DOMAIN USER ON WINDOWS SERVER 2008R2

    Dear Sir
       My name is sandeep and i have a technical issue with MS office Outlook 2007 standard. the problem is i have windows 8.1 pro. and i have installed office 2007 standard on it. i have also joined this windows 8.1  to Domain Network(I have
    domain Server on Windows server 2008R2) now problem is that when i login with domain user on this windows 8.1 and configure my MS outlook the it prompts user name and password again and again showing error "
    Server responded -ERR access denied"  and if i login windows 8.1 with its local administrator user the all runs file then ms outlook does
    not prompt for username and password. this problem with only windows 8.1 domain login.. please suggest what to do and how this problem will be resolved..
    Regards
    sandeep Kumar

    Hi,
    Did it work correctly before when logging in with domain user account? If so, please try opening Control Panel > Credential Manager and remove the cached credential entry of the Outlook account, and then restart Outlook to test the issue again.
    See:
    https://support.microsoft.com/en-us/kb/2762344/en-us
    Please also try logging into your email account from webmail access to see if there is any error.
    Please let me know the result.
    Regards,
    Steve Fan
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • I have OS X 10.8.5 and try access to Windows Server 2008R2

    I have OS X 10.8.5 and try access to Windows Server 2008R2. Can help me with the steps to do it. Actually at connect show the message "Error de conexion  compruebe que gestion remota en el panel compartir de preferencias del sistema esté activado en el ordenador al que intenta conectarse. Compruebe tambien que su conexcion de red funciona correctamente.
    I can connect to Windows Server 2008r2 with other programs like 2X or Cord but can't copy o move files, for these reasons I'd buy Apple  Remote Desktop but had the problem of conection.
    Thanks for your answer.
    JLC

    JLC - have you tried http://www.microsoft.com/mac/remote-desktop-client ? I have been using this and CORD for quite some time with success. As long as you configure to allow access to local filesystem, you can transfer filtes to/from the Windows server you are connecting to.
    EDIT: actual download page for client is:
    http://www.microsoft.com/en-us/download/details.aspx?id=18140
    One thing to note though, since I updated my MBP to 10.8.5, copy/paste of text has not worked for me with either of those RDP clients.

  • Does simple file and folder sharing on an iMac work with OSX Server?

    Hi There
    I wonder if I should install OSX Server on an iMac wher several users work on the same files and folders.
    My question - before I do something I might regret:
    Does simple file and folder sharing on an iMac within several users really work with the help of OSX Server?
    All I want to be able to do:
    Admin creates a new folder1 and gives it read- and write access for user1 and user2.
    User1 creates a subfolder1 in folder1, and a document1 in subfolder1.
    User2 edits document1. Later Admin edits document1.
    All these simple editing of files and folders (and subfolders) within a main folder should be possible. This is not possible now.
    Is everything clear? I'm not a network specialist or something, I just want to give some co-workers access to some data on my computer without problems.

    So what you need are recursive permissions.
    I suggest you create a group and add user1 and user2 to that group. You can name that group whatever you want, but for now i will call it FSUsers
    Execute this in terminal. Replace FSUsers with your new group
    sudo chmod -R +a "FSUsers allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit" /Users/Shared/*
    Replace /Users/Shared with the location of your shared folder. Make sure you keep the /* at the end (this allows all subfolders and files to get the same permissions.
    If you need to add people to the share just add them to the FSUsers group, the FSUsers group should should also be allowed in the sharing preferences.

  • Can I connect to a windows server to veiw and download files to mark and return to server??

    Can I connect to a windows server to download and view files and return to server???

    I use the FTP on the Go Pro app to do just this. I don't know what kind of servers I connect to though but I've not had any problems connecting.
    I connect and select a file. I update the file, then tap save. The file is uploaded back to the server and the original version is ved just in case I might need it.

  • BackUp on Windows Server 2008R2 (Both OS, apps and system users)

    Hi all,
    I am a new users on Windows server 2008R2 now. And I am about to backup the OS. So, may I know if i used Window Server Backup function, will the operation be backing up not only OS and apps but also the system users?
    If the backup service can't backup the system users, is there any exclusive way to backup users list?
    I'm fresh in using Windows Server 2008R2, please help me out. Thanks in advance....

    Hi,
    When you do a "system state" backup, the Local Users and Groups are also backup. For more detailed information, please refer to the thread below:
    How do I manually export the Local User Accounts Database? Standalone Windows Server 2008 R2
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/4012d976-ffae-4563-bd22-dec5e9a86d61/how-do-i-manually-export-the-local-user-accounts-database-standalone-windows-server-2008-r2?forum=winservergen
    Regards,
    Mandy
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Cisco SG 200-08 and Windows Server 2008R2 as Radius

    Hello.  I'm having some issues using Cisco SG 200-08 switches for 802.1X authentication. I would be very grateful for some help:
      1. Will Cisco implement any other way to authenticate supplicant port other than EAP-MD5 method? I'm using those switches to implement 802.1X authentication in my network and my RADIUS server is a Windows Server 2008R2 machine. I've actually had to make a registry hack (instructions from:  http://social.technet.microsoft.com/Forums/en/winserverNAP/thread/e801bdac-9347-4efb-9d7c-bcf4d64aa927  ) to enable MD5 on WS2008R2. I've alse read that this method is old and insecure and everyone suggest using some safer authentication method but I simply can't. Can someone tell me please will Cisco implement any other authentication methods in those switches or should I buy any other hardware.

    Hello Scott
    Thanks a lot for your answer, i have followed the document as example and i had some problems matching the network policy on the NPS due to the NPS has connection request policies and network policies for setting up, understanding that one is for authentication and the other one for authorization,  additionaly, other issue was when duplicated the certificate template, i had to use the certificate issued by default on the CA for requesting a new certificate for the NPS Server.
    After days looking for figuring up this issues, it has worked well. As you told me, the configuration on the Wireless Controller was the easy part, the issue come up when i started working on the NPS as Radius Server.
    One more thing, for applying FlexConnect or HREAP for the Remote APs that i have distributed on my branch offices, should i use other WLAN configured on the Wireless Controller or with the same WLAN use for all the user is enough applying the parameters for getting work with HREAP?
    I would appreciate any help fot getting work with HREAP.
    Thanks a lot.
    Alexis

  • Is hard drive file and folder compression lossy - Windows XP

    If I archive my projects from an uncompressed drive to one that has a NTFS format with File and Folder Compression enabled, will the compression process reduce the quality of the video? Obviously, I'd like to utilize the space on the archive hard drive as much as possible, but I do not want to lose any quality of my projects.

    <[email protected]> wrote in message<br />news:[email protected]<br /><br />> If I archive my projects from an uncompressed drive to<br />> one that has a NTFS format with File and Folder<br />> Compression enabled, will the compression process reduce<br />> the quality of the video?<br /><br />Nom, but it won't reduce the size of files significantly, either.<br /><br />> Obviously, I'd like to utilize<br />> the space on the archive hard drive as much as possible,<br />> but I do not want to lose any quality of my projects.<br /><br />NTFS compression is lossless compression. That means that writing and <br />reading via it will be bit-perfect. Look at it this way, if even one bit of <br />an executable  program's .EXE file gets changed, the whole program can fail.<br /><br />NTFS file compression trades CPU cycles for disk space.  If the file being <br />written is essentially uncompressible, then you lose the CPU cycles and get <br />no space back in return. IOW, you lost all those CPU cycles for nothing.<br /><br />Video files tend to be rather uncompressible because they are already <br />compressed. Even DV-AVI files are compressed pretty signficantly.<br /><br />I made a compressed folder and then copied 3 files to it.  I checked their <br />individual file properties made sure that their compressed flag was on in <br />advanced properties. The AVI and MPG files were only a tiny bit smaller, but <br />the text file shrunk by about 60%.<br /><br />The AVI file was 14.8 MB (15,613,870 bytes) uncompressed, and 14.6 MB <br />(15,376,384 bytes) compressed. That's less than a 2% improvement.

  • Windows to OS X file and folder organisation

    Hello,
    I have a question regarding the finder. MS Windows Explorer arranges files and folders by always placing folders at the top of the list. Is there a solution that allows OS X's finder window to arrange folders and (in column view) this way?
    Thanks in advance!

    rshelton
    No, you can't do this with the Finder. But you can with Pathfinder, it's an alternative to the Finder with rather more features.
    Regards
    TD

  • VPS windows server 2008r2 RDP security issue, need help!

    system: VPS windows server 2008r2 at a remote location, directly exposed to internet
    Administration is possible only via Remote
    Desktop.
    I cannot disable&replace the default administrator account with a different username...which means I get a lot of brute force attacks.
    I created rules in the firewall to limit the scope of the remote IP addresses, even limited the scope of the RDP rules down to my client IP address only.I tested the rules by trying to
    access the vps server from a wifi hotspot (starbucks was useful for once) and indeed I was not to rdp into myserver.
    Yet I still find Nigerian , chinese taiwanese iranian and so on based IP addresses in the event log under audit failures. 
    I didn't want to limit the ip scope, because if my ISP changed my IP address ,I'd lose access to my VPS server... then again, why are the Nigerians still getting in?
    Anyway,
    is there a way to replace the username and password login with a public/private key method like it is under Linux? Or perhaps is there a better solution?
    Hope someone can help.
    Thank you in advance! 
    Paolo

    So, your suggestion gave me an idea.
    First I discovered why the Nigerians could keep getting in....a rule for utorrent opened everything...! That rule is gone now.
    The idea is as following: lock the RDP to the one ip address I use but install a SSH server open to any IP address that mandates key pair based logon only,using a public/private key pair that I only obviously have.
    Brute force will never work on a key pair only login shell. Let them
    try it if they want. (Assuming nobody manages to crack my home network and steal my files :-)
    If my ISP changes my ipaddress, I can login via SSH and modify the firewall rule (which I tested already).
    Of course this works for people like me who just have a VPS server for personal use with a very clear knowledge from which ipaddress they access their server.
    Anyway..hahahah take this Nigerians & Co hackers!
    Ok thanks for your inspiring suggestion!

  • Stop 0x0000001e (0xffffffffc0000005, 0xfffff8800a07d7f0 - Windows Server 2008r2 SP1 patch level March 2014 - WinDbg probably caused by mrxsmb10.sys

    we run several Windows Server 2008r2 SP1 Enterprise as VM on two Stratus Avance xenserver based VM hosts. On both hosts we run a VM as file-server, RDS server including a little bit of DFS traffic. the underling physical machines are Intel based S5520UR
    with plenty full of needed resources, running since 2012 more or less without problems.
    Recently we on both physical hosts the STOP error 0x0000001e (0xffffffffc0000005, 0xfffff8800a07d7f0, 0x0000000000000000, 0x0000000000000000).
    This has happended now twice and we have no clue or idea why the Stop error arrives now were the VM is running for month without such an error.
    We have tried to analyze the problem with WnDbg and the result reported: Probably caused by : mrxsmb10.sys ( mrxsmb10!MRxSmbDeferredCreate+18a )
    We have searched for a solution and have identified some hotfixes which could be related to our problem
    Hotfix http://support.microsoft.com/kb/2521220/en-us
    and / or
    Hotfix http://support.microsoft.com/kb/2764302/en-us
    The latter one matches the typical use of the VMs in question, file-server function and a flat file based database system with corresponding file I/O. (However, no dramatic system load and approx. 20 concurrent users on the system.)
    The file NTFS.sys in the folder System32 are with a newer date and version as the version from the hotfix and we are not sure if this would be a good idea to replace it with the hotfix version.
    As we are a small cap company we could not test the outcome of such a change of essential OS files and we tend to stay away from this approach. On the other hand we have a high pressure to solve this issue as we have to rely on the function of this core
    system.
    WinDbg points us towards mrxsmb10.sys as a possible root cause, but my believe is limited and we have not the knowledge to understand the output of the memory dump file. (mrxsmb was over the last 15 years always a difficult “thing”!)
    Would someone so kind to point us to some useful steps or direct us to any helpful advise?
    Thank you!

    1. Share your minidump file - someone may see content and help.
    2. Consider this
    http://support.microsoft.com/kb/2521220
    3. Error description
    http://msdn.microsoft.com/en-us/library/windows/hardware/ff557408(v=vs.85).aspx
    Regards
    Milos

  • Can't Open Reports after upgrading to Windows Server 2008R2

    Since upgrading to Windows Server 2008R2, I am unable to use File > Open to browse my network for existing Crystal Reports.  I am able to access reports from my recent reports list.  If I use Windows Explorer to try to find/open an existing report file, I'm prompted for the installation disk.  Is this a known issue?  Thanks for your help.

    SP2 fully supports Windows 2008 Server, here's a link to the [platforms PDF|http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/00225757-ab5c-2c10-c1a8-fb9f9f0f4ac2&overridelayout=true] file:
    As for permissions this is something you need to setup with Windows and file sharing.
    Thank you
    Don

Maybe you are looking for