
How to create easier reporting for Windows auditing?



#1 exus69


Posted 05 June 2013 - 11:36 PM

Hello,

My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.

Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.

I was wondering if there is an easier way of generating logs, e.g. automatically create a Notepad file with all those filters once the audit failure triggers.


Please help

 




 


#2 Firefoxthebomb


Posted 06 June 2013 - 09:46 AM

Hello and Welcome....

Here is something you may try: it's a little program called MyEventViewer by NirSoft. No install required, it's free and quite simple to use. Maybe your dad will not have any difficulty learning how to use it to view the logs.

Take a look at it here..... http://www.nirsoft.net/utils/my_event_viewer.html (change the hxxp to http)  

Mod Edit:  Fixed link - Hamluis.


Edited by hamluis, 06 June 2013 - 07:21 PM.



#3 jcgriff2


Posted 06 June 2013 - 06:42 PM

Hi -

 

Use the wevtutil command. Create a batch file that he can run from Desktop.

 

http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/bb2208b2-e2b7-4e80-a6da-79aa1444957d/

 

Regards. . .

 

jcgriff2


Microsoft MVP 2009-2015

#4 exus69


Posted 11 June 2013 - 01:58 PM

Hello,

 

Sorry for the late reply. Thanks for the help guys.

 

wevtutil is working perfectly except that the event is not triggering the required report file using the task scheduler. If I run the batch file manually then it's creating the report in text format but the task scheduler method is failing repeatedly :(

 

MyEventViewer is good but it does not give specific read or deny access in its description. For example, please check out the attached picture and the highlighted text in blue. Any solution for that?
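An added example, not written by any poster in this thread: one way to produce the plain-text report asked for in the first post, with the requested access rights spelled out. It uses PowerShell's Get-WinEvent instead of the wevtutil batch file discussed above; the folder E:\IMP comes from the first post, while the report file name and the 200-event limit are assumptions.

```powershell
# Added example, not from the thread. Run elevated: reading the Security log
# requires administrator rights by default.
# Assumptions: E:\IMP is the audited folder (first post); the report name and
# the 200-event limit are arbitrary choices.
$folder = 'E:\IMP'
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'IMP-audit-failures.txt'

$me = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { throw 'Run this script from an elevated prompt.' }

# Event ID 4656 with the Audit Failure keyword bit (0x10000000000000) set.
$xpath = '*[System[(EventID=4656) and band(Keywords,4503599627370496)]]'

# Message IDs that Windows stores in the AccessList field of file-system audit events.
$accessNames = @{
    '%%1537' = 'DELETE';            '%%1538' = 'READ_CONTROL'
    '%%1539' = 'WRITE_DAC';         '%%1540' = 'WRITE_OWNER'
    '%%1541' = 'SYNCHRONIZE';       '%%4416' = 'ReadData/ListDirectory'
    '%%4417' = 'WriteData/AddFile'; '%%4418' = 'AppendData/AddSubdirectory'
    '%%4419' = 'ReadEA';            '%%4420' = 'WriteEA'
    '%%4421' = 'Execute/Traverse';  '%%4422' = 'DeleteChild'
    '%%4423' = 'ReadAttributes';    '%%4424' = 'WriteAttributes'
}

# @() yields an empty array when nothing matches, so the loop below is skipped.
$events = @(Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 200 -ErrorAction SilentlyContinue)

$lines = foreach ($e in $events) {
    # Turn the EventData <Data Name="..."> elements into a name -> value table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Keep only handle requests for the audited folder or anything beneath it.
    $obj = $data['ObjectName']
    if ($obj -ne $folder -and $obj -notlike "$folder\*") { continue }

    # Translate each %%nnnn token; unknown tokens are kept as they are.
    $access = ($data['AccessList'] -split '\s+' | Where-Object { $_ } | ForEach-Object {
        if ($accessNames.ContainsKey($_)) { $accessNames[$_] } else { $_ }
    }) -join ', '

    '{0:yyyy-MM-dd HH:mm:ss}  {1}\{2}  {3}  [{4}]  via {5}' -f $e.TimeCreated,
        $data['SubjectDomainName'], $data['SubjectUserName'], $obj, $access, $data['ProcessName']
}

if (-not $lines) { $lines = "No failed access attempts on $folder were found in the Security log." }
$lines | Set-Content -Path $report -Encoding UTF8
notepad.exe $report
```

Each report line shows the time, the account that was denied, the object path, the access rights it requested, and the process that made the request.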

 

 

 
