How to Audit Shared Folder Access Changes (2024)

  • Step 1: Enable 'Audit object access' policy

  • Launch the Group Policy Management console (Run --> gpedit.msc)

  • Create a new GPO and link it to the domain containing the file server or edit the existing GPO that is linked to the relevant domain.

    See Also
    How to Check Files and Folders Permissions in WindowsAn Easy Way To Check If Your Files Have Been Accessed By Someone ElseHow to Detect File Changes in a Shared FolderHow to see what users are accessing a file

  • Navigate to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> Audit Policy.

  • Under Audit Policy, select 'Audit object access' and turn auditing on for both success and failure.

    See Also
    Track changes for users and shared drives  |  Google Drive  |  Google for Developers

    How to Audit Shared Folder Access Changes (1)

  • Navigate to Advanced Audit Policy Configuration -> Audit Policies-> Object access. Turn on auditing for 'Audit file system' and 'Audit handle manipulation'.

    How to Audit Shared Folder Access Changes (2)
  • Step 2: Edit auditing entry in the respective file/folder

    Locate the file or folder for which you wish to track all the accesses. Right click on it and go to Properties. Under the Security tab click Advanced.

    How to Audit Shared Folder Access Changes (3)

  • In Advanced Security Settings, go to the Auditin tab and click Add to add a new auditing entry.

    How to Audit Shared Folder Access Changes (4)

  • In the Auditing Entry for Active Directory dialog box, enter the following details:

    1. Principal: Enter the names of the users whose access you wish to audit.
    2. Type: Select the type of access you want to audit. It is preferable to audit "All" changes.
    3. Applies to: Select whether you want to audit access only on this file, or on all sub folders and files.
    4. Basic permissions: Choose the types of permissions you want to audit. Click the Advanced permissions button and choose “Traverse Folder/Execute File”, “List Folder/Read data”, “Read attributes”, and “Read extended attributes” .
    How to Audit Shared Folder Access Changes (5)
  • Step 3: View audit logs in Event Viewer

    Every time a user accesses the selected file/folder, and changes the permission on it, an event log will be recorded in the Event Viewer. To view this audit log, go to the Event Viewer. Under Windows Logs, select Security. You can find all the audit logs in the middle pane as displayed below.

    How to Audit Shared Folder Access Changes (6)

  • To filter the event logs to view just the logs about the file/folder permission changes, select Filter Current Log from the right pane. Simply search for the event ID 4656 and 4663 which indicate file/folder permission changes. You can see who accessed the file in “Account Name” field and access time in “Logged” field.

    How to Audit Shared Folder Access Changes (7)
    • How to Audit Shared Folder Access Changes (2024)
    Top Articles
    Should You Get a Student Credit Card? | BestColleges
    UGMA vs. UTMA: Which college savings account is best for you?
    Cold Air Intake - High-flow, Roto-mold Tube - TOYOTA TACOMA V6-4.0
    Research Tome Neltharus
    Fort Carson Cif Phone Number
    Culver's Flavor Of The Day Wilson Nc
    Ribbit Woodbine
    Best Cheap Action Camera
    10000 Divided By 5
    Nyuonsite
    Publix 147 Coral Way
    Brenna Percy Reddit
    Whitley County Ky Mugshots Busted
    Trini Sandwich Crossword Clue
    D10 Wrestling Facebook
    Tcu Jaggaer
    Spergo Net Worth 2022
    Everything We Know About Gladiator 2
    Cbssports Rankings
    Aerocareusa Hmebillpay Com
    Masterkyngmash
    Encyclopaedia Metallum - WikiMili, The Best Wikipedia Reader
    Craigslist Lake Charles
    Craigslist Panama City Beach Fl Pets
    Spiritual Meaning Of Snake Tattoo: Healing And Rebirth!
    Plost Dental
    Workshops - Canadian Dam Association (CDA-ACB)
    Urbfsdreamgirl
    4 Methods to Fix “Vortex Mods Cannot Be Deployed” Issue - MiniTool Partition Wizard
    Harbor Freight Tax Exempt Portal
    manhattan cars & trucks - by owner - craigslist
    What are the 7 Types of Communication with Examples
    Napa Autocare Locator
    Moonrise Time Tonight Near Me
    Wcostream Attack On Titan
    Rust Belt Revival Auctions
    Daily Journal Obituary Kankakee
    CVS Near Me | Somersworth, NH
    Muziq Najm
    Tokyo Spa Memphis Reviews
    Crazy Balls 3D Racing . Online Games . BrightestGames.com
    FREE - Divitarot.com - Tarot Denis Lapierre - Free divinatory tarot - Your divinatory tarot - Your future according to the cards! - Official website of Denis Lapierre - LIVE TAROT - Online Free Tarot cards reading - TAROT - Your free online latin tarot re
    Booknet.com Contract Marriage 2
    Dickdrainersx Jessica Marie
    Senior Houses For Sale Near Me
    Walmart Careers Stocker
    Conan Exiles Colored Crystal
    Cara Corcione Obituary
    Paradise leaked: An analysis of offshore data leaks
    1990 cold case: Who killed Cheryl Henry and Andy Atkinson on Lovers Lane in west Houston?
    Call2Recycle Sites At The Home Depot
    Latest Posts
    most profitable validator nodes | BTCC Knowledge
    Ethan Plaths Job on 'Plathville' Allows Him to Make a Good Living
    Article information

    Author: Geoffrey Lueilwitz

    Last Updated:

    Views: 6201

    Rating: 5 / 5 (80 voted)

    Reviews: 87% of readers found this page helpful

    Author information

    Name: Geoffrey Lueilwitz

    Birthday: 1997-03-23

    Address: 74183 Thomas Course, Port Micheal, OK 55446-1529

    Phone: +13408645881558

    Job: Global Representative

    Hobby: Sailing, Vehicle restoration, Rowing, Ghost hunting, Scrapbooking, Rugby, Board sports

    Introduction: My name is Geoffrey Lueilwitz, I am a zealous, encouraging, sparkling, enchanting, graceful, faithful, nice person who loves writing and wants to share my knowledge and understanding with you.