Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Configure object-level auditing

To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:

  • Using Windows shares
  • Using PowerShell cmdlets
  • Using Global Object Access Auditing

Using PowerShell cmdlets

  • Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (FIM) of all the folders that you want to enable auditing for.
  • The CSV file should contain the list of folders in the following format: <folder>,<type>
    For example:
    E:\test folder,FIM
    \\SERVERNAME\c$\folder,FIM
  • Note:
    When removing object-level auditing for a set of folders, the <type>strong> parameter is not mandatory.

    Once you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt and type in:
    .\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where:

Parameter Input variable Mandatory
-mode The name of the CSV file containing the list of shared folders. Yes
-file Add: Sets the object-level auditing settings.
(or)
Remove: Removes the object-level auditing settings.
Yes
-recurse True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder.
(or)
False: Apply object-level auditing settings only to the chosen folder. 
Note: By default, the -recurse parameter is set to false.
No
-username DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder
(no cross-domain support).
No

For example

  • To set object-level auditing for the list of folders in a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add
  • To replace all subfolder object-level auditing settings with inheritable auditing settings applied to a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add -recurse true
  • To remove object-level auditing for the list of folders in a CSV file named folders.CSV, use:
    .\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode remove

ADAudit Plus Trusted By

A single pane of glass for complete Active Directory Auditing and Reporting