The file access report displays the following information for each access:
Access time | Computer | File path | Access | Type | User name | Domain
In order to use the report you need to:
1- Activate the file access audit on your server
Windows NT 4: Administrative Tools > User Manager for Domains > Policy > Audit
Check Audit these events
Check Success and Failure for File and Object Access
Windows 2000/XP/2003/Vista/2008/7/2008 R2: Administrative Tools > Local security policy > Local policies > Audit policy > Audit object access
Check Success and Failure
Warning! The audit policy can sometimes take a long time to become effective. To speed this up, you can run the following command line: secedit /refreshpolicy machine_policy on Windows 2000, or gpupdate on Windows XP/2003/Vista/2008/7/2008 R2.
Warning! If they are defined, the domain security policy and the domain controller security policy override the local policy.
2- Activate the audit on the folder/file you want to monitor
Context menu of the folder/file: Properties > Security > Advanced > Auditing > Add to add an audit
Choose the users or groups to monitor and choose the file operations to monitor
3- Scan the relevant events
In the Event logs section of the scan configuration, add a filter for event 560 with Security as the source in the Security log.
Alternatively, you can load the event filter file "C:\Program files\ISDecisions\WinReporter4\Templates\FileAccessEventFilter.xml" from the context menu of the Event logs section.
Then start the scan.
4- When the scan is done, select the report in the report tree
5- Configure the filter, for example if you want to see accesses by a specified user or accesses to a specified file.
The combo boxes list all field values available in the database that match the other conditions. You can also choose the report period with the From and To fields.
6- Click Launch to see the report.
Additional information:
The file access report uses event 560 (file open).
Dynamic parameters:
2: Object type = File
3: File path
7: User name
8: Domain name
14: Access type
15: Privilege
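
The dynamic parameter positions listed above, applied to already-exported event records with the same kind of filtering as step 5. This is an added example, not WinReporter's own code. The record layout (a dict with time, computer, id, source, log and params) and every sample value are assumptions constructed for illustration.

```python
from datetime import datetime

# 1-based dynamic parameter positions of event 560, as listed on this page.
PARAMS = {"object_type": 2, "path": 3, "user": 7, "domain": 8,
          "access": 14, "privilege": 15}

def to_row(event):
    """Return a report row for a file-open event, or None if it does not apply."""
    if (event["id"], event["source"], event["log"]) != (560, "Security", "Security"):
        return None
    p = event["params"]
    if len(p) < max(PARAMS.values()):
        return None  # truncated record: skip it rather than guess fields
    field = {name: p[pos - 1].strip() for name, pos in PARAMS.items()}
    if field.pop("object_type").lower() != "file":
        return None  # keep only records whose parameter 2 is File
    return {"time": event["time"], "computer": event["computer"], **field}

def report(events, user=None, path=None, start=None, end=None):
    """Rows filtered by user, by file path and by From/To period."""
    rows = []
    for row in filter(None, map(to_row, events)):
        if user and row["user"].lower() != user.lower():
            continue
        if path and row["path"].lower() != path.lower():
            continue
        if (start and row["time"] < start) or (end and row["time"] > end):
            continue
        rows.append(row)
    return sorted(rows, key=lambda r: r["time"])

def make_event(hour, event_id, obj_type, path, user, access):
    # Constructed sample record; positions the page does not list hold "-".
    params = ["-"] * 15
    values = (obj_type, path, user, "CORP", access, "-")
    for pos, value in zip(PARAMS.values(), values):
        params[pos - 1] = value
    return {"time": datetime(2010, 3, 1, hour), "computer": "SRV01", "id": event_id,
            "source": "Security", "log": "Security", "params": params}

SAMPLE = [
    make_event(9, 560, "File", r"D:\Share\payroll.xls", "alice", "ReadData"),
    make_event(10, 560, "Key", r"\REGISTRY\MACHINE\SOFTWARE", "alice", "QueryValue"),
    make_event(11, 560, "File", r"D:\Share\payroll.xls", "bob", "WriteData"),
    make_event(12, 999, "File", r"D:\Share\payroll.xls", "alice", "ReadData"),
]
```

Calling report(SAMPLE) keeps the two File records for event 560 and drops the record with another object type and the record with another event ID.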