Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersTracking File Deletion, Creation and Modify actions - Windows
Aaroona

3130 posts

Uber Geek


#230759 12-Mar-2018 11:40
Send private message

I am embarking on a journey to monitor certain critical files within our environment.
Windows event logging appears to give me information when someone uses certain rights against files when auditing in enabled, so from that perspective, Check! 

 

The problem I am running into is that when you create a file, a 4663 event is not generated - for some reason it's not being seen as a "write" access. I can use 4663 to monitor Modify/Write access to an EXISTING file and delete actions against a file, but I can't seem to get this last piece of the puzzle.

 

There seems to be a lot of mixed information out, some have said 4656 events, but those are requests against an object, and not necessarily the action taken against the file from what I've read.

 

 

 

Anyone else run into this? Is there a way to track this info accurately with event logging?

Create new topic
Aaroona

3130 posts

Uber Geek


  #1977106 15-Mar-2018 12:43
Send private message

I'm surprised to see there are no answers or suggestions here.

 

 

 

I'm going to follow up with Microsoft directly and see what they come back with. The more I dig, the more I don't think there's a straight forward answer.

 
 
 
 

Learn cloud, mobile, security, data and web technologies with Pluralsight (affiliate link).
plas
425 posts

Ultimate Geek


  #1977165 15-Mar-2018 13:25
Send private message

I use https://www.lepide.com/lepideauditor/file-server-auditing.html to monitor file servers. If I remember correctly event logs don't record enough events to be useful.

 

 

Create new topic





News and reviews »

Samsung Announces Galaxy AI
Posted 28-Nov-2023 14:48

Epson Launches EH-LS650 Ultra Short Throw Smart Streaming Laser Projector
Posted 28-Nov-2023 14:38

Fitbit Charge 6 Review 
Posted 27-Nov-2023 16:21

Cisco Launches New Research Highlighting Gap in Preparedness for AI
Posted 23-Nov-2023 15:50

Seagate Takes Block Storage System to New Heights Reaching 2.5 PB
Posted 23-Nov-2023 15:45

Seagate Nytro 4350 NVMe SSD Delivers Consistent Application Performance and High QoS to Data Centers
Posted 23-Nov-2023 15:38

Amazon Fire TV Stick 4k Max (2nd Generation) Review
Posted 14-Nov-2023 16:17

Over half of New Zealand adults surveyed concerned about AI shopping scams
Posted 3-Nov-2023 10:42

Super Mario Bros. Wonder Launches on Nintendo Switch
Posted 24-Oct-2023 10:56

Google Releases Nest WiFi Pro in New Zealand
Posted 24-Oct-2023 10:18

Amazon Introduces All-New Echo Pop in New Zealand
Posted 23-Oct-2023 19:49

HyperX Unveils Their First Webcam and Audio Mixer Plus
Posted 20-Oct-2023 11:47

Seagate Introduces Exos 24TB Hard Drives for Hyperscalers and Enterprise Data Centres
Posted 20-Oct-2023 11:43

Dyson Zone Noise-Cancelling Headphones Comes to New Zealand
Posted 20-Oct-2023 11:33

The OPPO Find N3 Launches Globally Available in New Zealand Mid-November
Posted 20-Oct-2023 11:06








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.




RSS feeds
Main feed
Forums feed
Copyright
©2002-2023 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Affiliate links
Mighty Ape
Sharesies
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.