Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Enable Windows file auditing for use with LEM

Enable Windows file auditing for use with LEM

Updated: September 15, 2017

Enable file auditing in Windows to monitor events related to users accessing, modifying, and deleting sensitive files and folders on your network. To maximize the value of this type of auditing, enable auditing on a file server on which you have installed a LEM Agent, and only for the specific files and folders you want to monitor. If you enable auditing on all files or folders, or even a large number of them, you will create an unnecessary burden on LEM.

Complete the two-part process below to first enable object auditing on your server, and then enable file auditing on the files and folders that you want to audit. Provided Windows is logging the events and your server has a LEM Agent installed on it, the LEM console will begin displaying the new file auditing alerts immediately.

To enable object auditing in Windows

  1. Open Administrative Tools > Local Security Policy.
  2. Expand Local Policies and click Audit Policy in the left pane.
  3. Select Audit object access in the right pane, and then click Action > Properties.
  4. Select Success and Failure.
  5. Click OK.
  6. Close the Local Security Policy window.

To enable file auditing on a file or folder in Windows

  1. Locate the file or folder you want to audit in Windows Explorer.
  2. Right-click the file or folder and then click Properties.
  3. Click the Security tab.
  4. Click Advanced.
  5. Click the Auditing tab.
  6. If you are using Windows Server 2008, click Edit.
  7. Click Add.
  8. Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For example, enter Everyone.
  9. Click OK.
  10. Select Success and Failure next to full control to audit everything for the selected file or folder.
  11. Optionally, clear Success and Failure for unwanted events, such as:
    • Read attributes
    • Read extended attributes
    • Write extended attributes
    • Read permissions
  12. Click OK in each window until you are back at the Windows Explorer window.
  13. Repeat these steps for all files or folders you want to audit.
Last modified

Tags

Classifications

Public