Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

How to check file integrity

Continuous file integrity monitoring enables an organization to protect critical assets by keeping track of every file access. This helps IT administrators detect anomalous activities, meet compliance requirements, mitigate threats and accelerate forensic analysis in case of a mishap.

Download for Free
Free, fully functional 30-day trial
  • With Native AD Auditing

  • With ADAudit Plus

  • How to check Windows file integrity with ADAudit Plus
  • Once ADAudit Plus has been installed, it automatically configures audit policies required for Active Directory auditing.

  • To enable automatic configuration: Log in to the ADAudit Plus web console -->Domain Settings --> Audit Policy: Configure.

  • Changes in Windows file integrity can be identified by following the below mentioned steps:

    1. Login to ADAudit Plus.
    2. Select the required Domain from the dropdown list.
    3. Go to the Server Audit tab.
    4. Navigate to File Integrity Monitoring.
    5. Select All File or Folder Changes.
    how-to-check-windows-file-integrity-with-adaudit-plus-1 how-to-check-windows-file-integrity-with-adaudit-plus-2
  • ADAudit Plus enables IT administrators to have a comprehensive picture of all the activities that happen within an organization's network. The real-time monitoring and out-of-the-box reports generated by ADAudit Plus makes it easier to track changes made to critical files and folders, and detect inappropriate access and prevent mishaps.

With native AD auditing, here is how you can monitor file integrity:

  • Step 1: Enable required audit policies
  • Launch Server Manager in your Windows Server instance.

  • Under Manage, select Group Policy Management and launch the Group Policy Management console.

  • Navigate to Forest ➔ Domain ➔ Your domain ➔ Domain Controllers.

  • Create a new GPO and link it to the domain containing the file to be monitored, or edit any existing GPO that is linked to the domain to open the Group Policy Management Editor.

  • Navigate to Computer Configuration ➔ Windows Settings ➔ Security Settings ➔ Advanced Audit Policy Configuration ➔ Object Access.

  • The Object Access lists all of its sub-policies in the right panel, as shown in the figure below.

  • Select the Audit File Systems and enable audit for Success events.

  • Click Applyand OK to close Properties window.

    how-to-check-file-integrity-1
  • Step 2: Enable auditing on files and folders
  • Open Windows Explorer, navigate to the file or folder you want to monitor.

  • Right-click the folder and select Properties.

    how-to-check-file-integrity-2
  • In the Properties window, go to the Security tab and select Advanced. After that select Auditing tab and click Add.

    how-to-check-file-integrity-3
  • Click on Select a principal.This will bring up a Select User, Computer or Group Window.

  • Type Everyone in the textbox and verify it with Check Names.

    how-to-check-file-integrity-4
  • The principal field in the Auditing Entry window now shows Everyone.

  • In theType drop-down select All to audit for both success and failure events.

  • In the Applies to drop-down choose This folder, subfolder and files. This allows the auditing of all the subfolders and files within the folder.

  • Select Full Controlin the Permissions section.

  • Click Apply,then OK, and close the console.

  • Step 3: View events in Event Viewer
  • In Event Viewer window, go to Windows Logs ➔ Security logs.

  • Click on Filter current logunder Actionin the right panel.

  • Search for Event ID 4656 that identifies file integrity changes.

  • You can double-click on the event to view Event Properties.

    how-to-check-file-integrity-5
  • These steps need to be repeated for all the files and folders to audit file integrity. Manually checking every event is time-consuming, inefficient and practically impossible for large organizations.

Native auditing becoming a little too much?

Simplify file integrity auditing and reporting with ADAudit Plus.

Get Your Free Trial Fully functional 30-day trial

Request 1-on-1 demo

  •  
  •  
  •  
  •  
  •  
  • -Select-
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.

Thanks

One of our solution experts will get in touch with you shortly.

ADAudit Plus Trusted By