Go Up
You are here: AdministrationMonitored Object Types, Actions, and AttributesFile Servers

Object Types and Attributes Monitored on File Servers

NOTE: For the Windows-based file servers running Windows Server 2008 or Windows Vista SP2, NetApp appliances, and EMC storages, changes to shares are reported without who ( "Not applicable" is displayed).

For NetApp appliances and EMC VNX/VNXe storages, the modification of the Audit attribute on files and folders is reported without who ("System" is displayed).

For entries mentioned above, Netwrix Auditor displays not the actual time when the event occurred but the data collection time.

Due to Windows Server 2008 SP2 limitations, Netwrix Auditor may be unable to retrieve workstation name for failed read attempts made this servers.

Due to Windows limitations, the copy/rename/move actions on remote file shares may be reported as two sequential actions: copy as adding a new file and reading the former file; renaming\moving as removing the former file and adding a new file with the same name. The copy action is not reported on DFS servers.

Refer to the following Microsoft article for more information on attributes marked with *.

Review a full list of object types Netwrix Auditor can audit on file servers.

Object type Attributes

File

  • Attributes*
  • Location
  • Name
  • Ownership
  • Permissions:

    • Group Permissions
    • User Permissions
  • Primary Group
  • Security descriptor control flags

  • Size

Folder

  • Attributes*

    NOTE: The Reparse point attribute content is available for reviewing only when State-In-Time snapshot collection enabled. Mind that reparse point content changes cannot be audited.

  • Location
  • Name
  • Ownership
  • Permissions:

    • Group Permissions
    • User Permissions
  • Primary Group
  • Security descriptor control flags

Share

  • Access-based Enumeration

  • Caching

  • Continuous Availability

  • Description

  • Enable BranchCache

  • Encrypt Data Access

  • Local Path
  • User Limit

In addition to general object attributes, Netwrix Auditor generates the following attributes associated with the object and reserved for internal use.

  • Session ID—GUID generated by the product and can be helpful if you have to review large amount of changes and need to distinguish those made within one session.
  • Statement ID—This attribute appears when an object was moved/renamed due to its root object modifications.

Go Up