Syskit Monitor
Try it for FreeContact UsProduct Site
  • Syskit Monitor
  • Product Updates
    • Syskit Monitor 9.1.0 - Release Note
    • Syskit Monitor 9 – The monster has awoken!
    • Syskit Monitor 8.4.0 - Release Note
    • Syskit 2012 R2 8.3.0 - Release Note
    • Syskit 2012 R2 8.2.0 Release Note
    • Syskit 2016 R2 8.0.1 - Release Note
    • Syskit 2016 R2 – Monitor and script all the things!
  • Requirements
    • System Requirements
    • User Permission Requirements
    • Pre Installation Requirements
  • Installation and Configuration
    • Install Wizard
      • Install Syskit Monitor
      • Install Syskit Monitor Data Collector
    • Configuration Wizard
      • Configure Syskit Monitor
      • SQL Permissions
        • Create a SQL Server Login
        • Create a SQL Server Database
        • Create a Service User Login Permission
        • Connect an Existing Database
    • Upgrade to the Latest Version
    • Uninstall Wizard
  • Editions
    • Editions
  • Activation
    • Activation Privacy Statement
    • Online and Offline Activation
    • Activation FAQ
  • Get to Know Syskit Monitor
    • Quick Start Guide
    • Administration
      • Servers and Groups
      • Monitoring Templates
      • PowerShell Scripts
    • Backstage Screen
      • Manage Data Gathering
      • Help Screen
      • Configuration
        • Configure
        • Options
      • Syskit Monitor Web App
    • Dashboards
      • Sessions Dashboard
      • Performance Dashboard
    • Reports
      • User Reports
      • Application Reports
      • Performance Reports
        • System Overview
        • Computer Performance
        • Application Performance
        • User Performance
      • Gateway Reports
      • License Reports
      • Event Log Reports
      • Inventory Reports
        • Hardware and Software
        • Powershell Reports
        • Compare Wizard
      • Custom Reports
  • Common Tasks with Syskit Monitor
    • Monitoring Windows Server and Application Performance
    • Monitoring and Restarting Stopped Windows Services
    • Real Time Alerting
    • Monitoring User Activities and Application Usage
    • Monitoring RD Gateway Connections
    • File System Auditing
    • Malicious IP Blocking
    • Computer Inventory
  • How To
    • Custom Reports
      • Create Custom Report
      • Create SQL Custom Report
      • Create an Alert
    • Users
      • Add Users Manually
      • Add Users From Active Directory
      • Manage Security Permissions
    • Dashboards
      • Create a Custom Dashboard
      • Edit Dashboards
      • Add Formatting Condition to Metrics
    • Reports
      • Export Report to Excel
      • Configure Cost Overview Report
      • Configure Report Subscriptions
      • Create Customized Report Views
    • Computers
      • Add/Remove or Delete Computer from Monitoring
      • Add Citrix Servers to Monitoring
    • Monitoring Templates
      • Predefined Monitoring Templates
      • Template Wizard
      • Import / Export Monitoring Template
      • Download Templates
    • Powershell Scripts
      • PowerShell Wizard
      • Manage Scripts
      • Import / Export PowerShell Script
      • Import and Use PowerShell Script Modules
      • Download Scripts
    • Service Accounts
      • Add Service User to Local Administrators Group via Group Policy
      • Add Service User to Local Administrators Group Manually
    • Audit Events
      • Enable Folder Auditing
      • Configure Audit Logon Events
      • Configure Syskit Monitor server to support the Block Malicious IP Addresses feature
    • Citrix Xenapp
      • Allow Remote RPC on Xenapp
      • Monitor Citrix Published Applications
      • Configure Syskit Monitor for Citrix XenApp 5 Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 6.x Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 7.x Published Application monitoring
    • Performance Counters Management
    • Manage Syskit Monitor Data Collector
    • Move database to new server
    • Exclude installation folder from antivirus scanning
  • FAQ
    • FAQ
  • Troubleshooting
    • SQL Server Connection
    • SQL Server Express 2012 LocalDB
    • How to resolve the Offline and Unauthorized computer states
    • Network Ports
    • Fixing WMI to work with Syskit Monitor
    • Enable-PSRemoting for untrusted domains to work with Syskit Monitor
    • Configuring CredSSP for use with PowerShell in Syskit Monitor
    • Installation Issues
    • User States
    • User Connections
    • Miscellaneous
Powered by GitBook
On this page
  • Configuring Group Policy
  • A) Configuring Group Policy for a domain WITHOUT Group Policy Management feature:
  • B) Configuring Group Policy for a domain WITH Group Policy Management feature:
  • After group policy configuration we are going to configure certain folders for auditing:
  • Configuring Syskit Monitor

Was this helpful?

  1. How To
  2. Audit Events

Enable Folder Auditing

This article explains how to enable Windows folder auditing.

This is required if you need to review auditing reports with Syskit Monitor.

By auditing the files and folders access you can report on user activities performed against selected files and folders.

Configuring Group Policy

There are two methods of applying group policy. Login on to your Domain Controller and check if you have Group Policy Management under Administrative Tools.

A) Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges.

  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

  3. On the View menu, click Advanced Features.

  4. Right-click Domain Controllers, and then click Properties.

  5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.

  6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

  7. In the right pane, right-click Audit Object Access, and then click Properties.

  8. Click Define These Policy Settings, and then click to select Success. Click OK.

  9. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

B) Configuring Group Policy for a domain WITH Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges.

  2. Click Start, point to Programs, point to Administrative Tools, and then click Group policy management.

  3. Click Default Domain Policy, and then click Edit (in case you have a special policy only for terminal servers select that policy.

  4. Click Computer Configuration, double-click Policies, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

  5. In the right pane, right-click Audit Object Access, and then click Properties.

  6. Click Define These Policy Settings, and then click to select Success. Click OK.

  7. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

After group policy configuration we are going to configure certain folders for auditing:

  1. Login to you server and right click the folder you want to enable auditing for and click Properties.

  2. Choose the Security tab and for special permissions or advanced settings, click Advanced.

  3. The Advanced Security Settings dialog for the selected folder will open. First choose on the Auditing tab and then click the Edit... button.

  4. In the Auditing tab, click the Add button.

  5. In the Auditing Entry dialog for the selected folder, click the Select a principal link to enter all users/groups whose operations you want to audit. If you want to audit all users in your domain type in “Domain Users”. Click OK.

  6. Under the Basic permissions part, click the Show advanced permissions link and select the operations you want to track. We recommend that you select the minimal set of operations. Auditing is a resource consuming operation so you should select just a few operations you want to track here. We recommend to select the following:

    • List folder / read data

    • Create files / write data

    • Create folders / append data

    • Delete

  7. If there is a folder structure below the selected folder, make sure you have enabled the Replace all child object auditing entries with inheritable auditing entries from this object option in the Advanced Security Settings dialog.

Configuring Syskit Monitor

You need to enable collection of event log data under File > Manage > System Jobs and you are good to go. Syskit Monitor will start to collect audit information from the Event Log on a regular basis.

PreviousAudit EventsNextConfigure Audit Logon Events

Last updated 1 year ago

Was this helpful?

See the article for more detailed information.

Extract Event Log