Go Up
You are here: DeploymentConfigure IT InfrastructureConfigure Windows File Servers for Monitoring

Configure Windows File Servers for Monitoring

If you have multiple file shares frequently accessed by a significant number of users, it is reasonable to audit object changes only. Tracking all events may result in too much data written to the audit logs, whereas only some part of it may be of any interest. Note that audit flags must be set on every file share you want to audit.

If you are going to monitor an entire file server, consider the following:

  • If you specify a single computer name, Netwrix Auditor will monitor all shared folders on this computer. Netwrix Auditor does not track content changes on folders whose name ends with the $ symbol (which are either hidden or administrative/system folders). In order for the report functionality to work properly, you need to configure audit settings for each share folder on the computer separately. Otherwise, reports will contain limited data and warning messages.

  • For your convenience, if your file shares are stored within one folder (or disk drive), you can configure audit settings for this folder only. As a result, you will receive reports on all required access types applied to all file shares within this folder. It is not recommended to configure audit settings for system disks.

You can configure your file shares for monitoring in one of the following ways:

NOTE: If your file shares contain symbolic links and you want to collect state-in-time data for these shares, the local-to-local, local-to-remote, remote-to-local, and remote-to-remote symbolic link evaluations must be enabled on the computer that hosts Netwrix Auditor Server. See Enable Symbolic Link Evaluations for more information.

Go Up