Welcome to Laser Pointer Forums - discuss green laser pointers, blue laser pointers, and all types of lasers



Windows file system

Keeley Royle

New member
Joined
Jul 29, 2014
Messages
16
Points
0
Hello! What do you guys use for auditing windows file system?? Is is necessary? Thanks!
 



Vikki Points

New member
Joined
Aug 14, 2016
Messages
3
Points
0
Hi! In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes. Yes, it is necessary.
 

Dreadnought

Member
Joined
Aug 7, 2015
Messages
91
Points
18
Hi! In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes. Yes, it is necessary.
Your Google-Fu is strong tonight ;) - Auditing Windows Server 2008 File and Folder Access - Techotopia

Anyways, Windows Server should have auditing already available to you. The reason why auditing is important is because you to recognise that people did change the files around incase of incidents such as hackers trying to put in malware or other case scenarios. However, if you have normal windows and not the windows which is oriented towards servers then file auditing is not necessary.

This is because the amount of data you download and use. If you for instance recognise that there is ransomware on your computer; such as the new cryptoransomwares which are storming through the malware scene. Auditing wouldn't help to prevent this. However, if an attacker tried to put a exploit kit on the server; you should remove it immediately before users get affected by the exploit kit and then they get ransomwares. It's more of a reporting tool than a prevention tool you see.

Therefore it's important in server environments because you want your clients who use your server to be at ease of mind and at least protected by good old fashion detection techniques and identification than them being hacked or infected. It's not important really for desktop environments because no one is connecting to your PC except yourself; Just get an AV.
 




Top