Old 08-13-2016, 04:43 PM #1
Junior Member
 
Join Date: Jul 2014
Posts: 11
Rep Power: 0
Keeley Royle is on a distinguished road
Keeley Royle Keeley Royle is offline
Junior Member
 
Join Date: Jul 2014
Posts: 11
Rep Power: 0
Keeley Royle is on a distinguished road
Default Windows file system

Hello! What do you guys use for auditing windows file system?? Is is necessary? Thanks!


Keeley Royle is offline   Reply With Quote










Old 08-13-2016, 11:44 PM #2
diachi's Avatar
Class 4 Laser
 
Join Date: Feb 2008
Location: Yellowknife, NT, Canada
Posts: 7,589
Rep Power: 12617
diachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond repute
Send a message via Skype™ to diachi
diachi diachi is online now
Class 4 Laser
diachi's Avatar
 
Join Date: Feb 2008
Location: Yellowknife, NT, Canada
Posts: 7,589
Rep Power: 12617
diachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond reputediachi has a reputation beyond repute
Send a message via Skype™ to diachi
Default Re: Windows file system

Quote:
Originally Posted by Keeley Royle View Post
Hello! What do you guys use for auditing windows file system?? Is is necessary? Thanks!
What kind of auditing are you looking for? Windows does have some audit functions built in: https://technet.microsoft.com/en-us/...(v=ws.11).aspx
__________________


445nm | Sanwu Laser Pocket Series | 400mW Metered
445nm | NDB7242E Pen Build | 60mW Metered | >>Build Thread<<
450nm | LaserPointerStore - Thor H2 | 1W(?) | Review Unit - Awaiting Arrival | >>LaserPointerStore Thread<<
488nm | Spectra Physics 163 Argon | ~30mW Metered
515nm | PL515 Pen Build | 50mW Metered | >>Build Thread<<
520nm | Laserlands 520 | 5mW | Review Unit | 3mW metered | >>Review<<
532nm | Gearbest 303 Pointer | 50mW Metered
532nm | Gearbest JD.850 Pointer | 30mW Metered (I think, need to re-test).
633nm | HeNe | 6mW
633nm | Spectra Physics 155 HeNe | <1mW >>Thread<<
650nm | Sanwu Laser Pocket Series | 200mW Metered
808nm | Melles Griot 532nm Lab Unit | No Crystals >10W | X2



Check out my Reddit Subreddit! >>/r/laserpointers<<

diachi is online now   Reply With Quote
Old 08-14-2016, 07:04 PM #3
Junior Member
 
Join Date: Aug 2016
Posts: 3
Rep Power: 0
Vikki Points is just really niceVikki Points is just really niceVikki Points is just really niceVikki Points is just really nice
Vikki Points Vikki Points is offline
Junior Member
 
Join Date: Aug 2016
Posts: 3
Rep Power: 0
Vikki Points is just really niceVikki Points is just really niceVikki Points is just really niceVikki Points is just really nice
Default Re: Windows file system

Hi! In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes. Yes, it is necessary.
Vikki Points is offline   Reply With Quote
Old 08-15-2016, 09:28 AM #4
Dreadnought's Avatar
Class 1 Laser
 
Join Date: Aug 2015
Location: United Kingdom
Posts: 71
Rep Power: 145
Dreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond repute
Dreadnought Dreadnought is offline
Class 1 Laser
Dreadnought's Avatar
 
Join Date: Aug 2015
Location: United Kingdom
Posts: 71
Rep Power: 145
Dreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond reputeDreadnought has a reputation beyond repute
Default Re: Windows file system

Quote:
Originally Posted by Vikki Points View Post
Hi! In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes. Yes, it is necessary.
Your Google-Fu is strong tonight - Auditing Windows Server 2008 File and Folder Access - Techotopia

Anyways, Windows Server should have auditing already available to you. The reason why auditing is important is because you to recognise that people did change the files around incase of incidents such as hackers trying to put in malware or other case scenarios. However, if you have normal windows and not the windows which is oriented towards servers then file auditing is not necessary.

This is because the amount of data you download and use. If you for instance recognise that there is ransomware on your computer; such as the new cryptoransomwares which are storming through the malware scene. Auditing wouldn't help to prevent this. However, if an attacker tried to put a exploit kit on the server; you should remove it immediately before users get affected by the exploit kit and then they get ransomwares. It's more of a reporting tool than a prevention tool you see.

Therefore it's important in server environments because you want your clients who use your server to be at ease of mind and at least protected by good old fashion detection techniques and identification than them being hacked or infected. It's not important really for desktop environments because no one is connecting to your PC except yourself; Just get an AV.
Dreadnought is offline   Reply With Quote
Old 10-08-2016, 04:36 PM #5
Junior Member
 
Join Date: Jul 2014
Posts: 11
Rep Power: 0
Keeley Royle is on a distinguished road
Keeley Royle Keeley Royle is offline
Junior Member
 
Join Date: Jul 2014
Posts: 11
Rep Power: 0
Keeley Royle is on a distinguished road
Default Re: Windows file system

That makes it a whole lot clearer. Thanks guys!
I was wondering because I heard then that we were getting file server auditing and I clueless was about it.
Keeley Royle is offline   Reply With Quote
Reply





Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On











Loading












Privacy Policy | Advertising Disclaimer | Terms of Use


 


All times are GMT. The time now is 11:25 PM.


Powered by: vBulletin
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO
Privacy Policy | Advertising Disclaimer | Terms of Use
Copyright (C) 2017 Laser Pointer Forums, LLC