For Windows File Server Auditing

Before you start creating a monitoring plan to audit your Windows file servers, plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard (or monitored item settings).

Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.

NOTE: For more information on gMSA, refer to Using Group Managed Service Account (gMSA)Microsoft documentation.

These group Managed Service Accounts should meet the related requirements, as listed below.

On the target server:

  1. The account must be a member of the local Administrators group.

  2. The Manage auditing and security log and Backup files and directories policies must be defined for this account. See Configuring 'Manage Auditing and Security Log' Policy and Configuring 'Back up Files and Directories' Policy for more information.
  3. The account requires Read share permission on the audited shared folders.
  4. The account requires Read NTFS permission on all objects in the audited folders.
  5. To audit Domain-Named DFS NameSpace, the account must be a member of the Built-in Server Operators group on the domain controllers of the domain where the file server belongs to.