Auditing Access To Files On Windows 7
Description
Knowing when a file is accessed or opened can improve your security. In this post you will learn how to audit file access using Windows 7.
Solution
1. Press Windows Key + R, type gpedit.msc and press Enter.
This command opens the Local Computer Policy. In the left pane you will see:
2. In the left pane, expand Computer Configuration, Windows Settings, Security Settings and go to Audit Policy.
This is what you will see:
3. Double-click Audit object access:
4. Select Success. You can select Failure too, but in this case we only want to know if someone accesses a file.
5. Press OK.
6. Go to the file you want to audit. In our case it is a file named file.txt at c:\utils. Right-click it and select Properties.
7. Go to the Security tab:
8. Press Advanced, go to the Auditing tab, and press Continue:
9. You now need to add the users whose access to the file you want to audit. If you want all of them, select everybody.
10. You will see a list of check boxes; in our case we select:
11. Press OK in every open window.
12. Open and close the file to create an event in the Event Viewer. Event Viewer uses the events already created to set up the filter, so you will need at least one.
13. Open Event Viewer. Press Windows Key + R. Type:
%windir%\system32\eventvwr.msc /s
Press Enter.
14. Press Create Custom View in the right pane:
15. Select Filter by log, and Security:
16. In Event sources, look for Microsoft Windows security auditing.
At the end you will see something like this:
17. On Task category, select File System:
18. Select Audit Access on keywords:
19. Choose a name for the filter and press OK in every open window.
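The same procedure can be scripted. The following PowerShell sketch is an added example, not part of the original post. It assumes an elevated prompt on an English-language system, and the 'Everyone' principal, the ReadData right and the helper name Get-FileAccessEvent are illustrative choices standing in for the selections made in steps 9 and 10.

```powershell
# Added example; run from an elevated PowerShell prompt (PowerShell 2.0 compatible).
$path = 'C:\utils\file.txt'    # the file from step 6

# Steps 1-5: enable success auditing. This sets only the "File System"
# subcategory, which is narrower than the "Audit object access" category.
auditpol /set /subcategory:"File System" /success:enable

# Steps 6-11: add an audit entry (SACL) to the file.
# Assumption: 'Everyone' and 'ReadData' stand in for the choices in steps 9-10.
$acl  = Get-Acl -Path $path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
            -ArgumentList 'Everyone', 'ReadData', 'Success'
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Step 12: generate one event by reading the file.
Get-Content -Path $path | Out-Null

# Steps 13-19: query the Security log instead of building a custom view.
# Event ID 4663 = "An attempt was made to access an object".
function Get-FileAccessEvent {
    param([string]$TargetPath, [int]$MaxEvents = 200)
    $filter = @{
        LogName      = 'Security'
        ProviderName = 'Microsoft-Windows-Security-Auditing'
        Id           = 4663
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            # Flatten the <EventData> name/value pairs into a hashtable.
            ([xml]$evt.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }
            if ($data['ObjectName'] -eq $TargetPath) {
                New-Object PSObject -Property @{
                    Time    = $evt.TimeCreated
                    User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    Process = $data['ProcessName']
                    Access  = $data['AccessMask']
                }
            }
        }
}

Get-FileAccessEvent -TargetPath $path | Format-Table Time, User, Process, Access -AutoSize
```

Each row shows who touched the file, from which process, and with which access mask, which is the same information the custom view exposes in the event details.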