Auditing Access to Sensitive Data

by Mitch Tulloch [Published on 6 July 2005 / Last Updated on 6 July 2005]

How to see who's accessing sensitive files on a server.

If you want to see who's trying to access a folder of sensitive files on your file server, you can enable the Audit Object Access audit policy under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy in the appropriate GPO. Then use the ACL editor on the Security tab of the folder's properties sheet and specify which groups of users you want to audit accessing the folder.

If you want to detect unauthorized attempts at accessing the files, enable Failure auditing in the policy and audit Read permissions in the ACL.

If you want to see who is accessing the files and modifying them, enable Success auditing in the policy and audit Write and Append permissions in the ACL.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links