Tuesday, 21 March 2023

System Logs in Windows


Consider the following situation:

Your server stores a lot of important information for the departments in your organization, and you often share folders so that users in those departments can store documents there and copy them. But some users, with no sympathy for the admin, delete the files and folders that you shared.

So how can you detect which user did this?

System Logs

Logging is a system feature that lets you review the events that occur on the system, with specifics such as: user, time, computer, service, user login, IP address, …

This section introduces the tools available in Windows.

In this tutorial I illustrate with Windows Server 2008 R2; I think the Windows client versions work similarly.

On Server:

You have shared the folder C:\tailieu-annninhmang

Step 1: Set the policy to enable the audit feature

If your PC is in a workgroup, enter the command gpedit.msc to open Local Group Policy.

But if it is a domain controller, open Group Policy Management and display the items as shown below.

[Image: default domain controllers]

Figure 1: Open the Group Policy Management tools

[Image: audit object access]

Next, right-click the item Audit Object Access

Next, run this command in the Run window to update Group Policy: gpupdate /force

[Image: group policy update]

This Group Policy setting only enables the feature so that the system is allowed to record events; after that, by default the system records events for objects such as the system registry … If you also want access to a folder to be recorded, that must be set up on the folder itself, beginning with step 2.

Step 2: Configure the shared folder and security

Right-click the “TAILIEU-ANNINHMANG” folder and select Properties

[Image: config audit folder1]

Configure the shared folder with the Change permission

[Image: share config]

Step 3: Configure auditing on the folder

Select Advanced, then select Auditing

[Image: audit policy1]

Add the group you want to audit and select the items to be audited

[Image: select group or user]

Set the required audit items

[Image: check permissions audit]

Step 4: Test

From another PC on the network, access the shared folder on the server and deliberately delete a folder.


Step 5: Review the log

Open the Server Manager tool and select Event Viewer as shown; we see:

[Image: security log]

The picture above shows information about the test user, the action, which is DELETE of the folder encryption, and some other important information.
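The same procedure scripted in PowerShell, as an added example that is not part of the original article. It assumes an elevated session on the server, the Everyone group as the audited principal, and Security event ID 4663 with the DELETE access mask (0x10000) as the record to search for; the article itself does not name the event ID.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
$folder   = 'C:\tailieu-annninhmang'   # shared folder from the article
$auditWho = 'Everyone'                 # assumption: audit all users; use your own group

# Step 1 equivalent: enable success auditing of file system object access locally.
# (Audit settings delivered by Group Policy may override this local setting.)
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# Step 3 equivalent: add an audit entry (SACL) for successful deletes on the folder,
# inherited by its subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $auditWho, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $folder -Audit      # -Audit loads the SACL along with the ACL
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Step 5 equivalent: list Security log events 4663 (attempt to access an object)
# for objects under the folder whose access mask includes DELETE (0x10000).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields of the event into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if ($data['ObjectName'] -like "$folder*" -and ($mask -band 0x10000)) {
            New-Object PSObject -Property @{
                Time   = $_.TimeCreated
                User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object = $data['ObjectName']
            }
        }
    } | Format-Table Time, User, Object -AutoSize
```

After the test in step 4, the output should contain one row per audited delete, with the account that performed it.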


Thank you!


About Nguyễn Thanh Sơn

Nguyễn Thanh Sơn
Network Security, Web Design, Computer Science
