Looking Who Last Accessed a File; Admin Tips


This tip is to monitor who last accessed a file and may be useful for you (Administrator). To be able to do that, you should enable auditing on a file.

To enable auditing, you have to enable auditing at the server level on the Windows security policy and then enable auditing on the particular object (in this case, a file) which you are interested.

Do the following to enable auditing at the server level:
  1. Press Windows Key + R and type "secpol.msc".
  2. In the left pane, expand Local Policy and click on Audit Policy.
  3. In the right pane, double-click Audit object access.
  4. Check the boxes beside Success or Failure (as needed).
  5. Click OK.
And the next step is, you must enable auditing on the target file or folder from "Windows Explorer".
  1. Open Windows Explorer.
  2. Browse to the files or folders you want to audit.
  3. Right-click and select Properties.
  4. Select Security > Advance > Auditing and click the Addbutton.
  5. Enter the user or group you wan to audit access for and click OK.
  6. In the Auditing Entry dialog box, select the type of access you want, click OK when you finish.
  7. Apply.
It’s look pretty to know who last accessed or modified a file or folder you have configured. Give attention when enabling auditing on a frequently accessed set of files or folders. The number of audit messages in the Security event log can grow quickly with just a few accesses of the file. So, think wisdom please.
Click to see detailed picture

2 comments: