For many organizations, keeping track over who has access to data is critical for maintaining corporate compliance. Such auditing is also mandatory for adhering to compliance regulations like HIPAA. Companies that need this sort of insight into their data should consider IS Decision’s FileAudit 4.
The Windows ecosystem has native auditing capability. But auditing in Windows is tightly interwoven with Event Viewer. Configuring auditing and deciphering the sometime cryptic text of Event Viewer requires the skill of a Windows system administrator. Data auditors are seldom part of IT and, in fact, companies often want to keep auditing and auditing reports out of IT’s purview. That’s why third-party solutions that make it easy to see what’s happening with company data and make running audits reports easy are often necessary. IS Decisions’ FileAudit 4 is one such solution.
With FileAudit, organizations have an easy yet robust tool for auditing files and folders that reside on Windows systems, run audit reports without the help of IT, and even send alerts about auditing events. It’s not a cheap solution, at a starting price of $826. Plus, it only audits files and directories on Windows, something that the company may want to address as user data is increasingly being kept on a wide-variety of devices. However, Windows shops with critical auditing needs will find FileAudit 4 worthy of consideration.
Pricing and Requirements
As mentioned, unit pricing starts at $826, which includes a year’s free maintenance. Pricing is per server on which files are to be audited. Organizations with many servers can take advantage of volume licensing.
FileAudit can audit machines running Windows XP, Vista, Windows 7, Windows 8, as well as Windows Server OSes from Server 2003 on up to Server 2012. The company states the product will likely support Windows 8 Pro tablets but it has yet to test and verify.
Requirements include the.NET Framework 3.5 SP1and 60MB of free disk space. FileAudit also requires a database. Microsoft Access is included in the price, but you can opt to use it with Microsoft SQL Express 2005/2008/2008 R2 and Microsoft SQL Server 2005/2008/2008 R2/2012.
The software also needs access to port 445 (SMB TCP) and ICMP-Ping. You can perform a console-only install on a client machine to remotely manage and run auditing on machines running the FileAudit service. For console installs, port 2000 must be open for the remote connection.
Install and Configuration
You can install FileAudit on a Windows 2012 server for instance, and manage and configure it from that server or perform a console install on a client machine and manage FileAudit remotely (my preferred method for managing server utilities).
The install process is quite simple and involves a few clicks. Opening the FileAudit interface reveals a Windows-8 like, tile-based look but I would argue even more professional and polished with uniform colors.
The interface is divided into three sections: Audit, Access, and Tools. You click on “Audit Configuration” under the Audit section to get started. You can browse to select the file or folder you want to audit. You can add remote files and folders too, as long as the remote machine has a FileAudit license.
I selected a folder and then received another wizard, this one for assisting in configuring the folder for access auditing. This means configuring the server on which the folder is stored, for object access audit, NTFS audit on the folder path, licensing the server, and finally configuring the server to be constantly monitored by FileAudit.
I clicked Next in this wizard to kick off the configuration steps. For each configuration, the wizard asked if I wanted FileAudit to automatically configure itself or if I wanted to configure manually. I opted for the former and the appropriate configurations were made and the folder was added to FileAudit’s watch.
One bothersome limitation seems to be that you only have the ability to add one folder or one file at a time and neither in bulk, at least within the interface. The alternative is to go into Windows Explorer on the server FileAudit is installed on, multi-select files and folders, and then right-click for the contextual menu. FileAudit is added to the menu and clicking it will launch path configuration for each object consecutively.
Overall, the automated configuration is impressive and certainly easy even for the most novice tech user.
Alerts, Reports and Customization
After adding the files and folders you want to be audited, you can also set up alerting on any of those data objects. For example, you can set up an alert in case someone attempts to delete a specific folder or tries to open a file with Write permissions, or tries to take ownership.
These alerts can all be viewed in FileAudit’s File Access Viewer. There’s a list of events that took place with each audited object. You get a comprehensive view that includes the time and date of the event, the access type, whether access was granted or denied, the user, domain, and the source. Source is the name of the process generating the event. For instance, when I set auditing on a text file and then deleted the file, I saw this deletion event listed with the source being Notepad.exe.
By the way, although you can only audit Windows files and folders, FileAudit will audit access from non-Windows machines and devices.
FileAudit can also email alerts. You can set it to send individual alerts or all alerts together by adding the SMTP settings of an email server in FileAudit.
You can also schedule the app to run and email reports, just as you do with alerts. You select the audited objects you want to report on as well as the type of events—or you can view all access types and events. Information in the report is laid out the same way as in File Access Viewer.
The handiest feature is Statistics, which gives an at-a-glance view of everything that’s happening with audited data including, the access type, percentage of deletes, writes and any other attempts to change or tamper with file or folder permissions. You can also view useful information like the top five accessed folders and the top five users accessing audited objects.
FileAudit’s interface is clean and uncluttered. The simplicity of design means there isn’t much to customize but there are a few settings you can tweak in the Settings section.
You can exclude specific files from being audited within a folder such as .exe files, or exclude users from audit. Licensing, permissions, as well as database and email settings are all configured in Settings. Delete all audited events at any time by clicking Event Cleaner.
Customers also have lots of help resources right in the interface including support, documentation, and a user community.
FileAudit is a very straightforward application and easy to navigate through. I have a few minor quibbles and they mostly are about what I would like to see added to the interface. One is a validation settings in the email set up page. When you set email there’s no button for sending a test email to ensure proper configuration.
I’d also like a “Send Now” button when sending a report on-the-fly. You can work around this by setting up a report and send it instantly using the test button.
Also, customizing reports would be another useful feature to add. Some businesses may want to send out audit reports with their own branding.
Simple, Yet Effective Auditing
Even without the features I mention above FileAudit makes the often dreary task of data auditing easy yet effective. The solution is a more polished, user-friendly way to keep tabs on auditing over simply using Windows’ Event Viewer. I would like to see the solution branch out to audit information on Mac and Linux machines that house data as well, but Windows Servers are still the standard as file servers in business. Although it may be pricey for smaller businesses, FileAudit 4 is worth checking into if auditing is a must in your organization and is a four-star Editors’ Choice for business software.
More Business Software Reviews:
|OS Compatibility||Windows Vista, Windows XP, Windows 7, Windows 8|
Copyright © 2012 Ziff Davis, Inc