

There are two main categories of policies: User and Computer. As you might have guessed, the user policies control the settings for each user, whereas the computer settings are system-wide and will affect all users. In our case we want the setting to apply to all users, so we'll expand the Computer Configuration section.

Continue expanding to Windows Settings -> Security Settings -> Local Policies -> Audit Policy. I'm not going to explain much of the other settings here since this is primarily focused on auditing a folder. Now you'll see a set of policies and their current settings on the right-hand side. Audit policy is what controls whether or not the operating system is configured and ready to track changes. Now check the setting for Audit Object Access by double-clicking on it and selecting both Success and Failure. Click OK and now we're done with the first part, which is telling Windows that we want it to be ready to monitor changes.

Now the next step is to tell it what EXACTLY we want to track. You can close out of the Group Policy console now. Now navigate in Windows Explorer to the folder that you would like to monitor. In Explorer, right-click on the folder and click Properties. Click on the Security tab and you see something similar to this:

Now click on the Advanced button and click on the Auditing tab. This is where we'll actually configure what we want to monitor for this folder.

A dialog will appear asking you to select a User or Group. In the box, type in the word "users" and click Check Names. The box will automatically update with the name of the local users group for your computer in the form COMPUTERNAME\Users.

Click OK and now you'll get another dialog called "Audit Entry for X". This is the real meat of what we've been wanting to do. Here is where you'll select what you want to watch for this folder. You can individually choose which types of activity you want to track, such as deleting or creating new files/folders, etc. To make things easier, I suggest selecting Full Control, which will automatically select all the other options below it. This way, whatever is done to that folder or the files within it, you will have a record.

Now click OK, then OK again, and OK one more time to get out of the set of dialog boxes. And now you have successfully configured auditing on a folder!

So you might ask, how do you view the events? In order to view the events, you need to go to the Control Panel and click on Administrative Tools. Click on the Security section and you'll see a large listing of events on the right-hand side:

If you go ahead and create a file or simply open the folder and click the Refresh button in the Event Viewer (the button with the two green arrows), you'll see a bunch of events in the category of File System.
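The same three steps (audit policy, audit entry on the folder, reading the Security log) scripted in PowerShell, as an added example that is not part of the original article. The folder path is a hypothetical placeholder; S-1-5-32-545 is the well-known SID of the local Users group, and event ID 4663 is assumed as the file-access event, which applies to current Windows versions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI procedure. Run from an elevated prompt.
$folder = 'C:\Data\Monitored'   # hypothetical path; replace with the folder to audit

# Step 1: turn on Object Access auditing for both Success and Failure.
auditpol /set /category:"Object Access" /success:enable /failure:enable | Out-Null

# Step 2: add an audit entry for the local Users group with Full Control,
# inherited by subfolders and files, for successful and failed access.
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $users,
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')

$acl = Get-Acl -Path $folder -Audit      # -Audit is required to read the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check: the new entry should be listed and not marked as inherited.
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited

# Step 3: read recent file-access events and keep those under the audited folder.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the named EventData fields into a hashtable.
        foreach ($field in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$field.Name] = $field.'#text'
        }
        if ($data['ObjectName'] -like "$folder*") {
            [pscustomobject]@{
                Time       = $evt.TimeCreated
                User       = $data['SubjectUserName']
                Object     = $data['ObjectName']
                Process    = $data['ProcessName']
                AccessMask = $data['AccessMask']
            }
        }
    }
```

Auditing Full Control for all users on a busy folder generates a large number of events, so size the Security log accordingly or narrow the audited rights once you know which actions matter.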
