Is there anyway to track who copies files from a server?

by on May 14, 2013

Q: If I copy files from my company’s server onto an external USB drive, does it leave a trace on the server or my computer?


2 Responses to “Is there anyway to track who copies files from a server?”
  1.  

    You’d need to ask your company 🙂

    It depends on what type of logging and security they have in place.

     
  2.  
    Picked as best answer

    Good – Yes there is a way to track who copies/access files on a server. Assuming that this is a windows server you can turn on/enable file auditing. This does require that you are formatted with NTFS File system. I’ve pasted the steps for enabling and selecting which files to audit below…

    Auditing User Access of Files, Folders, and Printers

    The audit log appears in the Security log in Event Viewer. To enable this feature:
    Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.
    Double-click Local Security Policy.
    In the left pane, double-click Local Policies to expand it.
    In the left pane, click Audit Policy to display the individual policy settings in the right pane.
    Double-click Audit object access.
    To audit successful access of specified files, folders and printers, select the Success check box.
    To audit unsuccessful access to these objects, select the Failure check box.
    To enable auditing of both, select both check boxes.
    Click OK.

    Specifying Files, Folders, and Printers to Audit

    After you enable auditing, you can specify the files, folders, and printers that you want audited. To do so:
    In Windows Explorer, locate the file or folder you want to audit. To audit a printer, locate it by clicking Start, and then clicking Printers and Faxes.
    Right-click the file, folder, or printer that you want to audit, and then click Properties.
    Click the Security tab, and then click Advanced.
    Click the Auditing tab, and then click Add.
    In the Enter the object name to select box, type the name of the user or group whose access you want to audit. You can browse the computer for names by clicking Advanced, and then clicking Find Now in the Select User or Group dialog box.
    Click OK.
    Select the Successful or Failed check boxes for the actions you want to audit, and then click OK.
    Click OK, and then click OK.

    This procedure was found here. http://support.microsoft.com/kb/310399

    Let me know if you require further assistance.

    Fletcha