How to create easier reporting for Windows auditing?


  1. exus69
    Posts : 6
    Windows 7 32bit
       New #1

    How to create easier reporting for Windows auditing?


    Hello,

    My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.

    Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.

    I was wondering if there is an easier way of generating logs for eg. automatically create a notepad file with all those filters once the audit failure triggers.

    Please help
      My Computer
    Quote Quote

  3. bobafetthotmail
    Posts : 1,711
    Win 7 Pro 64-bit 7601
       New #2

    probably by writing a bat file and executing with admin privileges... but you have to look if there is a way to do it with console commands to event viewer in the first place (it's likely possible).

    I have a few of these "shortcuts", double click and Bam! A wall of commands gets executed. Time-saver man.

    Why that anyway? If it is locked to other users what is there to log? Failed attempts to open it?

    I really hope you are encrypting your drive, as this measure alone is a bit weak if the disk isn't encrypted. (a punk can simply boot that PC from a Linux liveCD or USB thumbdrive and access the unencrypted disk and those files ignoring the windows policy).
    Last edited by bobafetthotmail; 06 Jun 2013 at 02:18. Reason: ehehe, linked commands that weren't working in Windows 7, now fixed
      My Computer
    Quote Quote

  4. exus69
    Posts : 6
    Windows 7 32bit
    Thread Starter
       New #3

    bobafetthotmail said:
    Why that anyway? If it is locked to other users what is there to log? Failed attempts to open it?

    I really hope you are encrypting your drive, as this measure alone is a bit weak if the disk isn't encrypted. (a punk can simply boot that PC from a Linux liveCD or USB thumbdrive and access the unencrypted disk and those files ignoring the windows policy).
    Yes he's interested in knowing who's nosy enough to try and explore his IMP folder. Haven't thought about encrypting the disk. Maybe I'll just encrypt his IMP folder. Thanks alot for the links.

    Cheers :)
      My Computer
    Quote Quote

  6. bobafetthotmail
    Posts : 1,711
    Win 7 Pro 64-bit 7601
       New #4

    meh, chances are you only get hits from kids and other less-savy users. But if it makes him feel safer... leave it be. :)
      My Computer
    Quote Quote

 

  Related Discussions
Source: Making it Easier to Upgrade to Windows 10 | Windows Experience Blog
Software Auditing
in Software

I am trying to find an application that can do an audit of my PC and tell me what applications I have installed and all of their serial and license keys. I know these applications exist cause my company uses one for when we reimage a machine. I am in essence going to be reimaging my machine to...
I really think mac is difficult to use and a complete was of time. I support their phones, but nothing else
Microsoft tries to make Windows 7 easier to open Microsoft tries to make Windows 7 easier to open | Beyond Binary - CNET News That is pretty sad. Its own INSTRUCTIONS!?!?!??!?! ~Lordbob
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 04:51.
Find Us