
Configuring Auditing on Files, Folders, and Registry Keys

Overview

This article provides a step-by-step process for configuring auditing on files, folders, and registry keys.

Process

Enabling the object access auditing policy

  • Enabling auditing policy on the local machine:
    1. Open the Local Security Policy Configuration by choosing Start > Settings > Control Panel > Administrative Tools > Local Security Policy.
    2. Expand Local Policies > Audit Policy and open the 'Audit object access' properties.
    3. Enable the 'Success' and 'Failure' checkboxes depending on the kind of auditing you want to have.
  • Opening object access auditing configuration for a group policy:
    1. Choose Start > Run > mmc.
    2. Choose File > Add/Remove Snap-in.
    3. Click on the Add button, select 'Group Policy Object Editor' from the list and click on Add.
    4. Choose the group policy you want to configure auditing for, then click Finish.
    5. Click Close.
    6. In the Group Policy Object Editor, expand Computer Configuration.
    7. Expand Windows Settings > Security Settings > Local Policies.
    8. Click Audit Policy and open the 'Audit object access' properties.
    9. Enable the 'Success' and 'Failure' checkboxes depending on the kind of auditing you want to have.
      • Note: In a domain environment, it is recommended to use Group Policies to enable Object Access Audit settings.

Enabling auditing on the file, folders or registry keys you need to monitor

  • Enabling auditing for a file/folder:
    1. In Windows Explorer, browse to the file/folder you want to enable Object Access auditing on.
    2. Right-click on the file/folder and choose Properties.
    3. Go to the Security tab.
    4. From the dialog box opened above, click on the Advanced button.
    5. Go to the Auditing tab and click on the Add button.
    6. Enter the users/groups you want to configure auditing for and click OK. To enable auditing for all users, you can select the "Everyone" Group.
    7. Select the kind of access you want to audit and click OK.
    8. Repeat steps 2 to 7 to add other users/groups.
  • Enabling auditing for a registry key:
    1. Open Regedit (Start > Run > Type Regedit and press Enter).
    2. Select the registry key that you want to enable auditing on.
    3. Right-click on the key and select Permissions.
    4. From the dialog box opened above, click on the Advanced button.
    5. Go to the Auditing tab and click on the Add button.
    6. Enter the users/groups you want to configure auditing for and click OK. To enable auditing for all the users, you can select the "Everyone" Group.
    7. Select the kind of access you want to audit and click OK.
    8. Repeat steps 2 to 7 to add other users/groups.
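
The GUI steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it enables the object access audit policy on the local machine, then adds an audit entry for "Everyone" to one folder and one registry key. The two paths and the selected access rights are constructed placeholders, and the category name "Object Access" assumes an English-language Windows installation.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI procedure. Placeholder values throughout.
$folderPath = 'C:\AuditDemo\Sensitive'     # hypothetical folder to monitor
$regKeyPath = 'HKLM:\SOFTWARE\AuditDemo'   # hypothetical registry key to monitor

foreach ($p in $folderPath, $regKeyPath) {
    if (-not (Test-Path -Path $p)) { throw "Object not found: $p" }
}

# Step 1: enable the object access audit policy for Success and Failure.
auditpol /set /category:"Object Access" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# Step 2a: audit entry (SACL) for the folder. The rights audited here are an
# illustrative choice: writes, deletes and permission changes, inherited by
# subfolders and files.
$fileRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$folderAcl = Get-Acl -Path $folderPath -Audit   # -Audit loads the SACL as well
$folderAcl.AddAuditRule($fileRule)
Set-Acl -Path $folderPath -AclObject $folderAcl

# Step 2b: audit entry for the registry key, inherited by subkeys.
$regRule = New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone',
    [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete',
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$regAcl = Get-Acl -Path $regKeyPath -Audit
$regAcl.AddAuditRule($regRule)
Set-Acl -Path $regKeyPath -AclObject $regAcl

# Verification: show the effective policy and the audit entries now on each object.
auditpol /get /category:"Object Access"
foreach ($p in $folderPath, $regKeyPath) {
    (Get-Acl -Path $p -Audit).Audit |
        Format-Table IdentityReference, AuditFlags, InheritanceFlags -AutoSize
}
```

Both halves are required: without the policy from step 1 the audit entries produce no events, and without audit entries on the object the policy alone records nothing for it.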

Related Articles

Apply or modify auditing policy settings for an object using Group Policy

Apply or modify auditing policy settings for a local file or folder

 

  1. Priyanka Bhotika
