MCITP 70-640: Windows File Auditing - - vimore.org

MCITP 70-640: Windows File Auditing

MCITP 70-640: Windows File Auditing

YouTube

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video will look at how to perform file and folder auditing in Windows 8. File and Folder auditing allows the administrator to configure which files and folders they would like to track access for. This video will look at how to configure File and Folder auditing to get the best results. http://itfreetraining.com/Handouts/70-640/Part3/FileAndFolderAuditing.pdf Demonstration To enable auditing on a particular file or folder, open the properties for that file and folder. In the properties, select the security tab and then select the advanced button. In the advanced dialog box select the auditing tab. This is where all the auditing options are found. If they do not appear, press the continue button to enable them. Once the options are enabled, press the add button to add audit entries. At the top of the add Window is the option Select a principal. This option will allow you to select the user or group that you want to audit. Under the principal option you have the type option. This can be configured to success, failure, or both. In the middle part of the Windows you can choose which permissions that you want to audit. For example, if you only want to audit when changes are made, you could select the permission write and that is all. You also have the option for show advanced permissions if you want to customize the option further than what is available. At the bottom of the screen is the option add a condition. This is a new feature in Windows 8 and Windows Server 2012. This option allows you to define and target auditing a lot better than ever before. This helps you capture the information you require rather than capture extra information that you do not require. Once you have configured which files and folders that you want to audit, auditing needs to be switched on using group policy. To configure the local group policy on a computer, you need to run GPEdit.msc. The auditing settings are found in the following location. Computer Configuration\Windows Settings\Security Settings\Local Polices\Audit Policy The setting that need to be configured for file and folder auditing is Audit object access. This can be configured to success, failure, or both. To View the information generated from File and Folder auditing, this can be done from the Event Viewer under Windows Logs\Security. Audit object access will record a lot of events in the event logs. These include events for the operating system opening and closing files and objects and also any other auditing settings that you have configured. One point to remember with auditing is that when an object is audited, future audit events may be suppressed. For example, if you audit read and write on a file, Windows will record the first read when the file is opened but will not record additional writes. These are filtered out automatically otherwise the log files would become quite large very fast. If you only want to audit write access, configure the auditing to only audit write access. This way, when a write is performed, the first write access will be recorded in the event viewer. Otherwise, if you are auditing read and write, a read access may be recorded first and write access will be filtered out and thus not recorded in the event viewer. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 370-372



MCITP 70-640: Active Directory Windows Auditing

This video will look at the concepts you need to understand in order to use Auditing in Windows. Once you understand the concepts of Auditing, the next two vide

YouTube

Monitor event logs

This video looks are how to look at the event log to troubleshoot problems on your computer. The event log contains information that is in valuable to troublesh

YouTube

Server 2016 And 2012 R2 - File And Folder Access Auditing And Monitoring

Server 2016 And 2012 R2 - File And Folder Access Auditing And Monitoring With many users in a server environment and with a lot of data that needs to be secure

YouTube

Subnetting

Welcome to the ITFreeTraining video on subnetting. Understanding how to subnet is essential if you want to deploy and maintain IPv4 networks. Access the video

YouTube

Windows Server 2012: Creating a Two-Node Cluster

Michael Otey discusses how to configure a two-node Windows Server 2012 cluster

YouTube

File Monitoring Software Program for File Auditing - PA File Sight

Follow along as we download the file auditing and file monitoring software program, PA File Sight. You can install and configure and have it up and running, rec

YouTube

Share and NTFS Permissions

This video will look at what happens to a user access when share and NTFS permissions are used together. Check out http://itfreetraining.com for more of our alw

YouTube

How to Use the Windows Event Viewer

http://spywarepreventionguy.com Just another brief How-To video about how to use the Windows Event Viewer to check for application and system warnings and erro

YouTube

Setting up Auditing in Windows Server 2012 R2

This video covers the basics of auditing in WIndows Server 2012 R2, including the Security log, using Group Policy to create audit policies, and the auditpol.ex

YouTube

Windows 2012 - Audit deleted Files

This video will demonstrate how to enable the object audit feature on a computer running windows 2012 in order the detect who deleted your files and folders. »

YouTube

NTFS File & Folder Permissions - Windows Server 2012 R2

This ittaster tutorial provides an overview of NTFS File & Folder permissions, and demonstrates how to set permissions in Microsoft Windows Server 2012 R2. #Win

YouTube

MCITP 70-640: Introduction To Active Directory

Active Directory is a system which offers centralized control of your computers. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for th

YouTube

MCITP 70-640: Windows Auditing

Windows has a comprehensive auditing feature allowing you to track files and object access. In this video and the next 2 videos, auditing is looked at for Activ

YouTube

Windows 10 Object, File And Folder Auditing (also Windows 8.1) - Who Is Accessing Your Files?

In Windows 10 we should monitor who is accessing the files and folders on the computers. To be able to monitor and then view such events we need to enable obj

YouTube

Windows Server 2008: audit account logon events

This is a video about auditing account logon events. It records successful and failed account log on events to a Microsoft Windows server 2008 domain. In an Act

YouTube

MCSA Windows Server 2012\R2 Auditing Folder Access

In this video we cover how to set up an audit on a file and folder. as well as what to look for in event viewer to see the audit success.

YouTube

MCITP 70-640: Windows Security Settings and Security Templates

This video will look at the Security Settings that can be configured in Windows using Group Policy. The video also looks at how these settings can be imported a

YouTube

MCTS 70-680: Windows 7 Event Viewer

When troubleshooting problems in Windows 7, the event viewer will give you key information that will help you fix the system. This video looks at the different

YouTube

Replication in Active Directory

You've got all those domain controllers in your network. How do they share the same information so seamlessly? Here, StormWind Studios instructor and author Wil

YouTube

How to enable Global Object Access auditing in Windows Server 2008 R2

This video guides you on enabling global object access auditing in Windows Server machines such as Windows server 2008 R2. To enable object access auditing on W

YouTube