Hi everyone,
I am trying to set up auditing on a directory that is shared on my file server. I tried it in many ways, but none works. This is my config :
- Primary Domain Controller running on Windows Server 2008 R2 (DC)
- Secodary Domain Controller and File Server running on Windows Server 2008 R2 (FS)
- All clients running on Windows XP SP3
And here is how I set the audit up :
- On the DC, created on GPO "audit GPO"
- In the "audit GPO"setting, enabled "Audit Object Access" on Success and Failure
- Linked the GPO in the Domain Controller OU
- Added an audit entry on the directory that must be audited, to "everyone", "this folder, subfolders and files", "Successfull -> Full Control", "Failed -> Full Control"
This should be enough for the audit to work, but it doesn't. Nothing appears in the "Security" event log of the File Server. To be sure that the settings are applied, I executed the Group Policy Results Tool. The settings appears as applied.
So, something is wrong, but I cannot find what.
I tried to restart the File Server and also tried to setup the audit on the "Default Domain Controllers" group policy object that contains already audit settings. In both case, I still have no audit in the "Security" event log.
Can you help me to resolve this issue ?
Best regards.
Matteo, .NET Developer