Configuring Object Level Auditing for Windows/NetApp/EMC File Share Auditing

 To audit file and folder access, corresponding object level auditing must be applied on the Shared Folders.

You can do this in three ways

1. Automatically through product.

2. Manually on each shared folders.

3. Using Powershell script.

1.Automatically through product

1. Go to File Audit tab in the top bar.

2. Cilck Windows/EMC/NetApp File Server under Configured Server(s) in the left pane.

3. Click "View Configured File Shares Icon" on any file server in the table view of servers.

4. Select the respective shares and click Apply SACL button in right top corner.

   Note:Green Color- Object Level Auditing are set correctly.

   Red Color-Object Level Auditing are not set correctly/error occured while configuring.i you hover mouse over the share you can view the error code.

   Orange Color-Setting SACL is in progress

 

2.Manually on each Share Folders

1. For that, right-click the share folder that you want to audit, click Properties, and then click the Security tab.
2. Click Advanced, and then click the “Auditing” tab.
3. For the “Everyone” group, add the following entries.

	Principal	Type	Access	Applies To
File/Folder Changes	Everyone	Success and Failure	Create Files / Write Data Create Folders / Append Data Write Attributes Write Extended Attributes Delete Subfolders and Files Delete	This Folder, Subfolders and Files
Folder Permission and Owner Changes	Everyone	Success and Failure	Take Ownership Change Permissions	This Folder and Subfolders
File Read	Everyone	Success and Failure	List Folder / Read Data	Files Only
Folder Read Failure	Everyone	Failure	List Folder / Read Data	This Folder and Subfolders

4. Click on OK.
5. This will set SACLs for the Share selected.

3.Using Powershell Script

1. Go to '<Installation Directory>\bin' folder on the powershell command prompt.

2. Type 'ADAP-Set-SACL.ps1'.