Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply
    Click here to shrink
    Click here to expand Click here to expand

    Configure object-level auditing - Manual configuration

    Using Windows shares

    Right-click on the share folder that you want to audit, select Properties, and then click on the Security tab → Select Advanced, and then click on the Auditing tab → For the Everyone group, add the following entries:

      Principal Type Access Applies To
    File/folder changes Everyone Success, Failure
    • Create files / Write Data
    • Create folders / Append data
    • Write attributes
    • Write extended attributes
    • Delete sub folders and files
    • Delete
    This Folder, sub folders, and files
    Folder permission and owner changes Everyone Success, Failure
    • Take ownership
    • Change permissions
    This Folder and sub folders
    File read Everyone Success, Failure
    • List folder / Read data
    Files only
    Folder read failure Everyone Failure
    • List folder / Read data
    This Folder and sub folders

    Using PowerShell cmdlets

    Go to the <installation directory>\bin folder within the PowerShell command prompt → Type in ADAP-Set-SACL.ps1 → Follow the steps to apply object-level auditing to shares on the file server.

    • Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (file server auditing [FA] or file integrity monitoring [FIM]) of all the folders that you need to enable auditing for.
    • The CSV file should contain the list of folders in the following format: <folder>,<type>

      Example: \\SERVERNAME\folder,FA
      C:\test folder,FA
      E:\test folder,FIM
      \\SERVERNAME\c$\folder,FIM

      Once you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt.

    Type in:

    .\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

    Where

    parameter input variable mandatory
    -file name of the CSV file containing the list of shared folders yes
    -mode add - sets the object-level auditing settings
    (or)
    remove - removes the object-level auditing settings
    yes
    -recurse true - Replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the chosen folder.
    (or)
    false - Apply object-level auditing settings only to the chosen folder 


    Note: By default, the -recurse parameter is set to false
    no
    -username DOMAIN_NAME\username of the user with privilege over the file or folder to set the object-level auditing settings.
    (No cross-domain support)
    no

    Note: When removing object-level auditing for a set of folders, the -type parameter is not mandatory.

    For example:

    • To set object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
      .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add
    • To replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the shared_folders_list.CSV file, use:
      .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add -recurse true
    • To remove object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
      .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode remove

    Configure object-level auditing - Manual configuration

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       

    On this page

    Get download link