System Logs in Windows
The following situations:
Your server storage lot important information for the departments in your organization, you often shared for the users in the department store and copy documents up to. But some users have no sympathy with Admin to delete the files and folders that you shared.
So how can you detect any User acted so?
Log is a system that allows you to review the events that occur in the system specifics such as: user, time, computers, services, time, user login, IP address, …
This section introduces tools available in Windows
In this tut, I illustration Windows Server 2008R2, I think windows server similar to window for client
You are shared folder C:\tailieu-annninhmang
Step 1: Set the Policy to enable features audit
If your PC is workgroup, you enter command gpedit.msc to open Local Group Policy
But if it is the Domain Controllers, you open Group Policy Managerment, display items as shown below.
Figure 1: Open the Group Policy Managerment tools
Next, right-click the item Audit Object Access
Next, run command to update Group Policy in Run windows: Gpupdate /force
With the group policy settings that you only enable this feature allows the system to record, after the system default settings will record the event with objects such as registry system … Also want a process to access folders saved on the folder must be set up in step 2
Step 2: Configure the shared folder and security
Right click on the “TAILIEU-ANNINHMANG” folder and select Properties
Configure shared folders with permission of Change
Step 3: Configure the folder to audit
Select Advanced, select Audit
Add your group to audit and select the items to be audit
Set the required inspection item
Step 4: Check the testing
You use another PC on the network access shared folders on the server and deliberately delete any folder
Step 5: Review the log
Go to Tools Server Manager, select Event Viewer as shown, we see
In the picture above shows the information about the User’s test, the action is DELETE folder encryption and some other important information.
Thanks for you!
Lượt xem (665)