Configuring Audit Policy for File Integrity Monitoring

Need to configure the following audit policy or advanced audit policy in the respective GPO.

  1. Open Group Policy Management Console(GPMC).
  2. Edit the respective GPO.(FIM on DomainControllers,FIM on Member Servers,FIM on Workstations)
  3. Configure required Advanced Audit Policies for 2008 and above servers(recommended). This settings can be found under
    1. Computer Configuration|Windows Settings|Security Settings|Advanced Audit Policy Configuration|System Audit Policies
      1. Audit File Shares: Select Object Access -> File System(Success,Failure),Handle Manipulation(Success,Failure),File Share(Success).
  4. Audit Polices required For Windows Member Server Auditing (for 2k3 and below servers)
    1. Computer Configuration|Windows Settings|Security Settings|Local Polices|Audit Policy
      1. Audit File Shares: Configure Object Access (Success).
Copyright © 2017, ZOHO Corp. All Rights Reserved.
ManageEngine