How to audit file accesses on network drives for Windows environment.

Document ID : KB000010301
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

How to audit file accesses on network drives for Windows environment.

Environment:
CA Privileged Identity Manager for Windows
Instructions:

Following rule achieves to audit file accesses on network drives.

 

AC> editres FILE ("\Device\Mup\;LanmanRedirector\;*") audit(a) defacc(a) owner(nobody)

 

seaudit shows resource names as follows.

 

\Device\Mup\;LanmanRedirector\;<Drive Letter>:<xxxxxxxxxx>\<remote host name>\<shared folder name>\<file-name or foldet-name>