Configure object-level auditing

To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:

  • Using Windows shares
  • Using PowerShell cmdlets
  • Using Global Object Access Auditing

Using Global Object Access Auditing

  • Log in to any computer that has the GPMC with Domain Admin credentials. 
  • Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, and select Edit.
  • Note:

    | To enable FIM on  | Right-click                           |
    |-------------------|---------------------------------------|
    | Domain controller | Default Domain Controllers Policy GPO |
    | Windows server    | ADAuditPlusMSPolicy GPO               |
    | Workstation       | ADAuditPlusWSPolicy GPO               |

  • In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Global Object Access Auditing > File system > Define this policy setting > Configure. For the Everyone group, add the following entries:

    |  | Principal | Type | Access | Applies To |
    |---|---|---|---|---|
    | File/folder changes | Everyone | Success, Failure | Create files / Write data; Create folders / Append data; Write attributes; Write extended attributes; Delete subfolders and files; Delete | This folder, subfolders, and files |
    | Folder permission and owner changes | Everyone | Success, Failure | Take ownership; Change permissions | This folder and subfolders |

Where:

| Parameter | Input variable | Mandatory |
|---|---|---|
| -file | The name of the CSV file containing the list of shared folders. | Yes |
| -mode | Add: Sets the object-level auditing settings. (or) Remove: Removes the object-level auditing settings. | Yes |
| -recurse | True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder. (or) False: Apply object-level auditing settings only to the chosen folder. Note: By default, the -recurse parameter is set to false. | No |
| -username | DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder (no cross-domain support). | No |

For example:

  • To set object-level auditing for the list of folders in a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add
  • To replace all subfolder object-level auditing settings with the inheritable auditing settings applied to the folders listed in a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add -recurse true
  • To remove object-level auditing for the list of folders in a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode remove
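
One way to confirm that a folder's SACL carries the Everyone entries from the access table above, as an added example that is not ADAudit Plus code or part of the original page. The function name `Test-FolderSacl` and the sample path are hypothetical, and the check covers the audited rights and the Success/Failure flags but not the Applies To scope.

```powershell
using namespace System.Security.AccessControl

# Added example, not ManageEngine code. Run in an elevated session: reading a
# SACL requires the "Manage auditing and security log" user right.
function Test-FolderSacl {
    param([Parameter(Mandatory)][string]$Path)

    # Rights taken from the two access lists on this page.
    $expected = [ordered]@{
        'File/folder changes' = [FileSystemRights]'CreateFiles, AppendData, WriteAttributes, WriteExtendedAttributes, DeleteSubdirectoriesAndFiles, Delete'
        'Folder permission and owner changes' = [FileSystemRights]'TakeOwnership, ChangePermissions'
    }

    # Resolve identities to SIDs so the check does not depend on the OS language.
    $acl   = Get-Acl -LiteralPath $Path -Audit
    $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # Union of the rights audited for Everyone (S-1-1-0), per outcome.
    $success = 0
    $failure = 0
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne 'S-1-1-0') { continue }
        $bits = [int]$rule.FileSystemRights
        if ($rule.AuditFlags -band [AuditFlags]::Success) { $success = $success -bor $bits }
        if ($rule.AuditFlags -band [AuditFlags]::Failure) { $failure = $failure -bor $bits }
    }

    # One result row per expected entry; both columns should be True.
    foreach ($name in $expected.Keys) {
        $want = [int]$expected[$name]
        [pscustomobject]@{
            Path      = $Path
            Entry     = $name
            SuccessOk = (($success -band $want) -eq $want)
            FailureOk = (($failure -band $want) -eq $want)
        }
    }
}

# Constructed sample path; replace it with a folder from your own CSV file.
Test-FolderSacl -Path 'C:\Shares\Finance' | Format-Table -AutoSize
```

Entries defined through Global Object Access Auditing are not stored on the folder itself, so they do not appear in this output; `auditpol /resourceSACL /type:File /view` lists them on the target machine.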
