How to configure Windows File Audit?
1. A new policy group is created.
2. Step Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policies Configuration > Under Audit Policies
a) Audit File Share ( Success & Failure )
b) Audit File System ( Success & Failure )
c) Audit Handle Manipulation ( Success & Failure )
d) Audit kernel Object ( Success & Failure )
e) Audit Removable Storage ( Success & Failure )
Enable edilir.
2.
3. We are adding the server where we will perform the file audit process to the group policy.
4. The audit process is enabled for the folder that has been opened for sharing.
The demonstration is below with pictures of the settings above.
Step 1 Via FolSec
Configuration>File Server Configuration>We are making an edit of the File Server added to FolSec, click the Audit Settings Configuration Wizard button from the audit section.
Step 2
If we are going to set up a file audit in which folder, we select the folder and click on the "Apply Settings To Selecteds" button. FolSec sets up folder audits for us on our behalf.
Step 1 Through Windows
Step 2
Step 3
Step 4
5. Start run >>cmd >> gpupdate/force policy is enabled.
-
FOLSEC, Türkiye Siber Güvenlik Kümelenmesi üyesidir -
FOLSEC, Saha İstanbul üyesidir