Windows File Server Auditing

LT Auditor+: Windows Server

LT Auditor+ for Windows Server is configurable to fit seamlessly into any organization, large or small. LT Auditor+ allows your organization to immediately reap the benefits of continuous security and compliance monitoring by enabling your organization to improve incident response time, provide comprehensive audit reports, meet compliance control transformation requirements, ensure privacy, confidentiality and integrity, all while saving time and money.

LT Auditor+ for Windows Server goes beyond native Windows event logs and interacts seamlessly and unobtrusively with the operating system to capture Successful/Failed Authentications; Successful/Failed File and Folder Operations; and Removable Storage Activities including flash drives. LT Auditor+ for Windows Server delivers a bullet-proof audit trail, through easy-to-read forensic reports and real-time alerts, to precisely identify Who did What, from Where and When.

Quality Data: Removes the complexity from cryptic event logs by providing clear, concise information on who did what from where and when on your Windows Servers in human readable format.
Real-Time Alerts: Get notified in real time when critical changes occur on Windows Servers such as clearing security logs, changing system clocks or if unauthorized applications are loaded.
Audit Data Reduction: Allows for complex filtering from hundreds and thousands of events per second so as to collect relevant data for auditing. This avoids the clutter and noise associated with enormous volumes of event log data, providing for high quality reporting and forensic analysis.

Track Authentications: All types of successful or unsuccessful login activity can be monitored to ensure authorized access to systems. You have the ability to track after hour access as well remote desktop activity.
File Access: Captures the source IP address/workstation name for all access to critical files and folders on File Shares or SAN devices. This ensures accountability as you know who exactly is accessing critical or sensitive information and also acts as deterrent to prevent insider threats.
Simplified Management: Provides the ability to audit and monitor multiple servers across geographic locations from a single console.

This page is having a slideshow that uses Javascript. Your browser either doesn't support Javascript or you have it turned off. To see this page as it is meant to appear please use a Javascript enabled browser.Glam WordPress Slider Plugin.

Windows Server

Windows Server - Failed Login Summary Report

Windows Server - After Office Hours Login Report

Download Datasheet

Audited Events

Files/Directory Auditing Activity

Create File
Delete File
Modified File
Change Rights/Assign Rights
Rename File
Make Directory
Remove Directory
Rename Directory
Open/Access File
File Attribute Change
Take Ownership

Authentication Auditing Activity

Interactive Logon/Logout
Netwok Logon/Logout
Batch Logon/Logout
Service Logon/Logout
Unlock Logon
Kerberos Authentication Ticket Granted Kerberos Authentication Ticket Renewed Kerberos Service Ticket Granted
NTLM Authentication

System Activity

Date/time Changes
Event Log Clear
Application Load
Application Unload

Reports Template

Logon Reports

Interactive Logon Report
Machine Unlock Report
Network Logon Report
Remote Interactive Logon Report
Service Logon Report
Kerberos Authentication Report
NTLM Authentication Report

System Events

Security Event Log Cleared Report
System Time Changed Report
Applications Loaded/Executed Report
Applications Unloaded/Terminated Report

File Activity

Files Access Report
Files Created Report
Files Deleted Report
Files Modified/Written To Report
Files Renamed Report
Folders Accessed Report
Folders Created Report
Folders Deleted Report
Folders Renamed Report
File And Folder Attributes Change Report
Modify Files Security Report
Failed File And Folder Access Report