Quantcast
Channel: File Services and Storage Forum
Viewing all articles
Browse latest Browse all 1766

Auditing failed access to files and folders in Windows Storage Server 2008 R2

$
0
0

Hello,

I've been trying to figure out why I cannot audit the failed access to files and folders on my server.  I'm trying to replace a unix-based NAS with a Windows Storage Server 2008 R2 solution so I can use my current audit tools (the 'nix NAS has basically none).  I'm looking for a solution for a small remote office with 5-10 users and am looking at Windows Storage Server 2008 R2 (no props yet, but on a Buffalo appliance).  I specifically need to audit the failure of a user to access folders and files they are not supposed to view, but on this appliance it never shows.  I have:

  • Enabled audit Object access for File system, File share and Detailed file share
  • Set the security of the top-level share to everyone full control
  • Used NTFS file permissions to set who can/cannot see particular folders
  • On those folders (and letting those permissions flow down) I've set the auditing tab to "Fail - Everyone - Full Control - This folder, subfolders and files"

On the audit log I only see "Audit Success" messages for items like "A network share object was checked to see whether client can be granted desired access (Event 5145) - but never a failure audit (because this user was not allowed access by NTFS permissions).

I've done this successfully with Windows Server 2008 R2 x64 w/SP1 and am wondering if anybody has tried this with the Windows Storage Server version (with success of course).  My customer wants an inexpensive "appliance" and I thought this new variant of 2008 was the ticket, but I can't if it won't provide this audit.

Any thoughts? Any of you have luck with this?  I am (due to the fact I bought this appliance out of my own pocket) using the WSS "Workgroup" flavor and am wondering if this feature has been stripped from the workgroup edition of WSS.

TIA,

--Jeffrey





Viewing all articles
Browse latest Browse all 1766

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>