Go Up
You are here: AdministrationMonitored Object Types, Actions, and AttributesFile Servers

Object Types and Attributes Monitored on File Servers

Currently, there are some peculiarities of file servers data collection and reporting:

  1. For the Windows-based file servers running Windows Server 2008, NetApp appliances, and EMC storages, changes to file shares are reported without who. The following is displayed instead:
    • for Windows Server - "System"
    • for NetApp appliances - "System" or "Not applicable"
    • for EMC storages - "Not applicable"
  2. For storage systems mentioned above, Netwrix Auditor displays not the actual time when the event occurred but data collection time.
  3. If a file server is running Windows Server 2008 SP2, Netwrix Auditor may be unable to retrieve workstation name for failed read attempts.
  4. Due to Windows limitations, the copy/rename/move actions on remote file shares may be reported as two sequential actions: copy as adding a new file and reading the former file; renaming\moving as removing the former file and adding a new file with the same name.
  5. To report on copy actions on remote file shares, make sure that audit of successful read operations is enabled. See Configure Object-Level Access Auditing for details.

Review a full list of object types Netwrix Auditor can audit on file servers.

NOTE: For more information on the Attributes marked with * in the table below, refer to this Microsoft article.

Object type Attributes

File

  • Attributes*
  • Location
  • Name
  • Ownership
  • Permissions:

    • Group Permissions
    • User Permissions
  • Primary Group
  • Security descriptor control flags

  • Size

Folder

  • Attributes*

    NOTE: The Reparse point attribute content is available for reviewing only when State-In-Time snapshot collection enabled. Mind that reparse point content changes cannot be audited.

  • Location
  • Name
  • Ownership
  • Permissions:

    • Group Permissions
    • User Permissions
  • Primary Group
  • Security descriptor control flags

Share

  • Access-based Enumeration

  • Caching

  • Continuous Availability

  • Description

  • Enable BranchCache

  • Encrypt Data Access

  • Local Path
  • User Limit

In addition to general object attributes, Netwrix Auditor generates the following attributes associated with the object and reserved for internal use.

  • Session ID—GUID generated by the product and can be helpful if you have to review large amount of changes and need to distinguish those made within one session.
  • Statement ID—This attribute appears when an object was moved/renamed due to its root object modifications.

Go Up