Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Configure object-level auditing

To audit file and folder access, corresponding object-level auditing must be applied to shared folders. This can be achieved in three ways:

  • Automatic configuration
  • Manual configuration
  • Using PowerShell cmdlets

Using PowerShell cmdlets

Go to the <installation directory>\bin folder within the PowerShell command prompt → Type in ADAP-Set-SACL.ps1 → Follow the steps to apply object-level auditing to shares on the file server.

  • Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (file server auditing [FA] or file integrity monitoring [FIM]) of all the folders that you need to enable auditing for. 
  • The CSV file should contain the list of folders in the following format: <folder>,<type>
    Example:
    \\SERVERNAME\folder,FA
    C:\test folder,FA
    E:\test folder,FIM
    \\SERVERNAME\c$\folder,FIM
    Once you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt.

Type in:
     .\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where

parameter input variable mandatory
-file name of the CSV file containing the list of shared folders yes
-mode add - sets the object-level auditing settings
(or)
remove - removes the object-level auditing settings
yes
-recurse true - Replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the chosen folder.
(or)
false - Apply object-level auditing settings only to the chosen folder 


Note: By default, the -recurse parameter is set to false
no
-username DOMAIN_NAME\username of the user with privilege over the file or folder to set the object-level auditing settings.
(No cross-domain support)
no

Note: When removing object-level auditing for a set of folders, the -type parameter is not mandatory.

For example:

  • To set object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
           .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add
  • To replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the shared_folders_list.CSV file, use:
           .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add -recurse true
  • To remove object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
           .\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode remove
Object level auditing - automatic

ADAudit Plus Trusted By