System Logs in Windows
Consider the following situation:
Your server stores a lot of important information for the departments in your organization, and you often share folders so that the users in each department can store and copy documents. But some users, with no regard for the admin, delete the files and folders that you shared.
So how can you detect which user did this?
System Logs
A log lets you review the events that occur in the system, with specifics such as: user, time, computer, service, user login, IP address, …
This section introduces the tools available in Windows.
In this tutorial I use Windows Server 2008R2 for illustration; I think Windows Server is similar to the client versions of Windows.
On the server:
You have shared the folder C:\tailieu-annninhmang
Step 1: Set the policy to enable the audit feature
If your PC is in a workgroup, enter the command gpedit.msc to open Local Group Policy.
But if it is a domain controller, open Group Policy Management and display the items as shown below.
Figure 1: Open the Group Policy Management tool
Next, right-click the item Audit Object Access
Next, run the command to update Group Policy in the Run window: gpupdate /force
This group policy setting only enables the system's ability to record events; with the default settings the system will then record events for objects such as the registry, system … If you also want accesses to a folder to be recorded, the folder itself must be set up as well, in Step 2.
Step 2: Configure sharing and security on the folder
Right-click the “TAILIEU-ANNINHMANG” folder and select Properties.
Configure the shared folder with the Change permission.
Step 3: Configure auditing on the folder
Select Advanced, select Audit
Add the group you want to audit and select the items to be audited.
Set the required audit items.
Step 4: Test the configuration
From another PC on the network, access the shared folder on the server and deliberately delete any folder.
Step 5: Review the log
Open the Server Manager tool and select Event Viewer, as shown. We see:
The picture above shows the information about the test user, the action, which is DELETE on the folder encryption, and some other important information.
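The review in Step 5 can also be done from PowerShell. The script below is an added example, not part of the original tutorial; it assumes an elevated session on the file server, the folder path given above, and that the deletions are recorded as Security event 4663 with the DELETE access right (0x10000).

```powershell
# Added example (not from the original tutorial). Run elevated on the file server.
$Folder = 'C:\tailieu-annninhmang'   # shared folder path as written in this tutorial
$Delete = 0x10000                    # DELETE bit of the Windows access mask

# Step 1 check: the File System audit subcategory should report "Success".
auditpol /get /subcategory:"File System"

# Step 3 check: list the auditing entries (SACL) configured on the folder.
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# Step 5: read event 4663 ("An attempt was made to access an object") from the
# Security log and keep only DELETE accesses to objects under $Folder.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                       -ErrorAction SilentlyContinue
$deletes = foreach ($e in $events) {
    # Turn the event's <Data Name="..."> elements into a name/value table.
    $data = @{}
    foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    $object = [string]$data['ObjectName']
    $mask   = [Convert]::ToInt32($data['AccessMask'], 16)   # value looks like "0x10000"

    $underFolder = $object.StartsWith($Folder, [StringComparison]::OrdinalIgnoreCase)
    if ($underFolder -and ($mask -band $Delete)) {
        New-Object PSObject -Property @{
            Time    = $e.TimeCreated
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object  = $object
            Process = $data['ProcessName']
        }
    }
}
$deletes | Sort-Object Time | Format-Table Time, User, Object, Process -AutoSize
```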
Thank you!