Files, Files Everywhere!

You've heard the old expression "Needle in a haystack" - well that doesn't do justice to locating files you need on a Windows network. It's more like "Needle in a bunch of haystacks, in the dark". Files are spread across so many locations now, what with File Servers, SharePoint, Exchange, etc., it's just difficult to impossible to locate all the files you need - and it's always especially difficult when you need answers fast - like for an audit!

 

 

One of the cornerstones of an audit (even an internal policy compliance audit) is to prove that you have correctly identified all your locations and set up auditing to appropriately gather all the information necessary to track users' activity with key files. This is no small task to accomplish: it means configuring each server's local security policy as well as the audit locations on each and every server across the enterprise. After that, you have to put a plan in action that gathers all the audit logs, and hope and pray that you don't have to find records to prove whether a file was accessed or not. Interpreting the results of these audit records takes a special talent. As an example, see this entry in Event-o-pedia: http://eventopedia.cloudapp.net/default.aspx?LogType=Windows+Event+Log&LogName=Security&OSVersion=5.1&Category=Object+Access&Source=Security&EventID=567&action=go

 

One of the things you can do is proactively audit file access. Software is available (including Quest's Change Auditor) that allows you to alert on file access requests in real time, collecting the data centrally for simpler reporting. Many of these products also help you by translating the event information into something human readable. This makes finding the data you're looking for a matter of a few clicks and minutes rather than some laborious process that leaves you with that uneasy feeling that you missed something.

 

Ahhh...peace of mind!
