Hello,
I've been trying to figure out why I cannot audit the failed access to files and folders on my server. I'm trying to replace a unix-based NAS with a Windows Storage Server 2008 R2 solution so I can use my current audit tools (the 'nix NAS has basically none). I'm looking for a solution for a small remote office with 5-10 users and am looking at Windows Storage Server 2008 R2 (no props yet, but on a Buffalo appliance). I specifically need to audit the failure of a user to access folders and files they are not supposed to view, but on this appliance it never shows. I have:
- Enabled audit Object access for File system, File share and Detailed file share
- Set the security of the top-level share to everyone full control
- Used NTFS file permissions to set who can/cannot see particular folders
- On those folders (and letting those permissions flow down) I've set the auditing tab to "Fail - Everyone - Full Control - This folder, subfolders and files"
On the audit log I only see "Audit Success" messages for items like "A network share object was checked to see whether client can be granted desired access" (Event 5145) - but never a failure audit (because this user was not allowed access by NTFS permissions).
I've done this successfully with Windows Server 2008 R2 x64 w/SP1 and am wondering if anybody has tried this with the Windows Storage Server version (with success of course). My customer wants an inexpensive "appliance" and I thought this new variant of 2008 was the ticket, but I can't if it won't provide this audit.
Any thoughts? Any of you have luck with this? I am (due to the fact I bought this appliance out of my own pocket) using the WSS "Workgroup" flavor and am wondering if this feature has been stripped from the workgroup edition of WSS.
TIA,
--Jeffrey
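
The three settings listed in this post (audit policy subcategories, the folder's audit entry, and the resulting Security log records) can each be read back from an elevated PowerShell prompt on the server. This is an added example, not part of the original post; the folder path is a placeholder, and the policy check assumes English-language `auditpol` output.

```powershell
# Added example (not from the original post). Run elevated on the file server.
$Folder = 'D:\Shares\Restricted'   # hypothetical path: the folder carrying the audit entry

# 1. Audit policy: is Failure enabled for the subcategories the post lists?
#    Assumes English-language auditpol output ("Failure", "Success and Failure").
foreach ($name in 'File System', 'File Share', 'Detailed File Share') {
    $row = auditpol /get /subcategory:"$name" /r | Where-Object { $_ } | ConvertFrom-Csv
    $setting = $row.'Inclusion Setting'
    if ($setting -match 'Failure') { $state = 'OK' } else { $state = 'FAILURE AUDITING OFF' }
    '{0,-22} {1,-22} {2}' -f $name, $setting, $state
}

# 2. SACL: does the folder carry a Failure audit entry, and for whom?
$failureRules = @((Get-Acl -Path $Folder -Audit).Audit | Where-Object {
    $_.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Failure
})
if ($failureRules.Count -eq 0) {
    "No Failure audit entries on $Folder"
} else {
    $failureRules |
        Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
}

# 3. Security log: any Audit Failure records at all, grouped by event ID?
#    4503599627370496 is the standard "Audit Failure" keyword (0x10000000000000).
$failures = @(Get-WinEvent -FilterHashtable @{
    LogName  = 'Security'
    Keywords = 4503599627370496
} -MaxEvents 200 -ErrorAction SilentlyContinue)
if ($failures.Count -eq 0) {
    'No Audit Failure events found in the Security log'
} else {
    $failures | Group-Object Id | Sort-Object Count -Descending |
        Format-Table @{n = 'EventId'; e = { $_.Name }}, Count -AutoSize
}
```

Running it before and after a denied access attempt from a test account shows whether the policy, the audit entry, or the logging step is the one not behaving as configured.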