Click here to get back home

Utility to monitor who accesses a particular directory?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Utility to monitor who accesses a particular directory? MS 11-21-2006
Posted by MS on November 21, 2006, 11:15 am
Please log in for more thread options
 Hi, We have a directory with sensitive information that we would like to
monitor to see who accesses it and attempts to access it. I have auditing
enabled, but the logs are difficult to read and understand.

Ideally, I would like a program that monitors a directory, and writes to a
log file each time someone accesses it, or attempts to (we're in an AD
environment). It would be nice to be able to exclude the system and backup
accounts from being logged.

Does anyone know of a utility that can do this? Thanks,



Posted by Joe Richards [MVP] on November 21, 2006, 11:44 am
Please log in for more thread options
 I think you want to look at event log management type tools then that
can give you more of a spoon fed view. It would be silly to add another
device driver to do something that is already available.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


MS wrote:
> Hi, We have a directory with sensitive information that we would like to
> monitor to see who accesses it and attempts to access it. I have auditing
> enabled, but the logs are difficult to read and understand.
>
> Ideally, I would like a program that monitors a directory, and writes to a
> log file each time someone accesses it, or attempts to (we're in an AD
> environment). It would be nice to be able to exclude the system and backup
> accounts from being logged.
>
> Does anyone know of a utility that can do this? Thanks,
>
>

Posted by MS on November 21, 2006, 1:06 pm
Please log in for more thread options
Hmm... not a bad idea. Thanks for the input.



>I think you want to look at event log management type tools then that can
>give you more of a spoon fed view. It would be silly to add another device
>driver to do something that is already available.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
> MS wrote:
>> Hi, We have a directory with sensitive information that we would like to
>> monitor to see who accesses it and attempts to access it. I have auditing
>> enabled, but the logs are difficult to read and understand.
>>
>> Ideally, I would like a program that monitors a directory, and writes to
>> a log file each time someone accesses it, or attempts to (we're in an AD
>> environment). It would be nice to be able to exclude the system and
>> backup accounts from being logged.
>>
>> Does anyone know of a utility that can do this? Thanks,



Posted by jhalscott on November 27, 2006, 11:05 am
Please log in for more thread options
File System Auditor from ScriptLogic will accomplish this for you. It
doesn't create a log file though, it uses a SQL Server or MSDE backend,
so multiple servers can write to the same database. It also uses a mini
filter driver so it doesn't conflict with backup software or others
that use filter drivers. The filter driver enables File System Auditor
to audit access without having to turn on Object Access Auditing on the
server or parse event logs. It also lets you choose what you want to
audit on a folder by folder basis and offers scheduled reporting too.
Additionally you can exclude processes from being tracked, so for
instance backup programs and AV provgrams could be excluded easily.
Check it out:

http://www.scriptlogic.com/products/filesystemauditor/

Jaime Halscott
Lead Systems Engineer
ScriptLogic Corporation

MS wrote:
> Hi, We have a directory with sensitive information that we would like to
> monitor to see who accesses it and attempts to access it. I have auditing
> enabled, but the logs are difficult to read and understand.
>
> Ideally, I would like a program that monitors a directory, and writes to a
> log file each time someone accesses it, or attempts to (we're in an AD
> environment). It would be nice to be able to exclude the system and backup
> accounts from being logged.
>
> Does anyone know of a utility that can do this? Thanks,


Similar ThreadsPosted
auditing active directory not working properly directory serviceaccess October 21, 2005, 7:47 pm
Monitor Access To A Particular Share September 1, 2005, 8:25 am
Monitor File Access February 12, 2007, 12:09 pm
Monitor Access To A Particular Share February 18, 2007, 6:07 pm
Performance Monitor Users Group June 17, 2005, 8:09 am
Server 2003 change monitor? November 3, 2005, 10:14 am
Security Requirements for Performance Monitor February 10, 2008, 8:49 pm
Linking PKI directory accounts with Active Directory? February 11, 2007, 5:29 am
How do I monitor file access rights on Win2003? May 19, 2006, 2:20 am
How to monitor X509 client authentication in IIS 6 with capimon? December 14, 2006, 11:31 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap