4. Privileges/permissions required for file server auditing
4.1 Make the user a member of the Power Users group
Members of the Power Users group will be able to discover shares residing on Windows file servers.
- Log in to your Domain Controller with Domain Admin privileges → Open the Group Policy Management Console → Right click on the "ADAudit Plus Permission GPO" → Edit.
- In the Group Policy Management Editor → Computer Configuration → Preferences → Control Panel Settings → Right click on Local Users and Groups → Add Local Group.
- In the New Local Group Properties wizard, select Update under Action → Select Power Users group under group name → Add the "ADAudit Plus" user.
3.2 Grant the user Group Management permissions
- Log in to your Domain Controller with Domain Admin privileges → Open Active Directory User and Computers → Right click on Users → Properties → Security → Advanced → Add "ADAudit Plus" user → Grant Create Group objects and Delete Group Objects permissions.
- Right click on group ADAuditPlusFS → Properties → Managed By → Add "ADAudit Plus" user.
- Right click on group ADAuditPlusWS → Properties → Managed By → Add "ADAudit Plus" user.
4.2 Grant the user Read permission on all audited shares
There are two ways to grant the user Read permission on all the audited shares-
Copyright © 2019, ZOHO Corp
. All Rights Reserved.