Windows file server auditing is a great way to monitor what is going on with all the files stored on your company’s servers. You can find out who is accessing files, creating new files, deleting files, copying files, and moving files. To tap into the benefits of Windows file server auditing, you must first understand and use audit policy best practices.
Defining Terms
Before we go further, let’s discuss the term ‘auditing’. Some monitoring products use Windows Native Auditing. This technology is known to impact server performance so many system administrators don’t like using it. Other products (like PA File Sight) do not rely on Native Auditing, so performance impact is negligible.
#1 Best Practice: Decide What Audit Policies You Need
Do you want to know when someone accesses a file to view it? Do you want to know when someone is copying files from the server to their local computer? Do you want to know when there is unusual activity occurring? These are just some of the questions you need to answer to determine what audit policies you need.
#2 Best Practice: Before Implementation, Decide Where Audit Data Will Be Stored
Audit policies will collect audit data. You need to decide where you want all this data stored. The data can be stored on the file server, another server, or in the cloud.
#3 Best Practice: Decide Who Will Have Windows Audit File Access
There is no value in collecting audit policy data if you will do nothing with it. You need to decide who will have Windows audit file access to review the data and analyze it.
#4 Best Practice: Be Aware of Audit Data Storage Requirements
Audit data can take up a lot of storage space, depending on the size of your organization and what audit policies you put into place. For example, if you want to monitor each time an employee accesses a file on the Windows file server, it will generate new audit data every single time. If the employee opens 100 files throughout the day, then you will have 100 new audit data saves.
#5 Best Practice: Test File Server Auditing Policies
Before you do a mass rollout of new file server auditing policies, it is a good idea to test them in a smaller group. You need to know how the policies will affect server performance, individual computer performance, and how much space the audit data will take up.
#6: Best Practice: Decide What Audit Policies Are Needed for Compliance
Certain types of businesses may need to create audit policies to be compliant with various requirements, such as HIPAA, ISO, SOX, etc. Verify your audit policies can help you meet compliance, as well as provide the necessary data if you are audited by the respective compliance agency.
#7 Best Practice: Limit Access to Files and Folders on the File Server
One mistake some companies make is not creating audit policies that limit user access to files and folders on the file server. Make sure that employees only have access to the folders and files they need to do their job duties.
#8 Best Practice: Use Windows Server Audit File Access Monitoring Tools
There are Windows server audit file access monitoring tools and apps that make it much easier to monitor your file server. These apps also make it easy to generate reports, analyze audit data, and create automated lockup policies.
For further information about Windows file server auditing and simple file server monitoring solutions, please feel free to contact Power Admin at 1-800-401-2339 today! Remember to request your FREE no-obligation, 30-day, full-featured trial.
