Magic Quadrant™ for Privileged Access Management 2025: Netwrix Recognized for the Fourth Year in a Row. Download the report.

Contact usSupportCommunity
English Español Italiano Français Deutsch Português
Platform
Solutions

Data Security Posture Management

Discover and classify data in hybrid environments. Assess, prioritize, and mitigate risks to sensitive data.

Directory Management

Simplify and secure directory operations by cutting down on complexity, risk, and manual effort.

Endpoint Management

Secure endpoints and prevent data loss while keeping teams productive — no matter where they work.

Identity Management

Secure every identity, streamline every process, and stay ahead of compliance — without adding complexity.

Identity Threat Detection & Response

Stay ahead of identity-based threats — proactively remediate risks, block attacks, and ensure rapid recovery.

Privileged Access Management

Shrink your attack surface by killing standing privileges, locking down credentials, and monitoring privileged sessions.
Featured Products See all products
Netwrix AuditorNetwrix Access AnalyzerNetwrix PingCastleNetwrix Endpoint Protector

The Netwrix 1Secure™ Platform

Explore
Netwrix AI Environments we protect Integrations MSPs Active Directory Security Risks Compliance Pricing
Resource Center See All
BlogAttack CatalogComplianceCustomer StoriesCybersecurity FrameworksCybersecurity GlossaryEventsFreewareGuidesIdeas PortalNewsPodcastsPublicationsProduct AnnouncementsResearchWebinars
Asset not found

Featured Customer Story

DXC Technology Enables Customers to Achieve PCI DSS Compliance and Focus on Strategic Initiatives
Partners
Partner ProgramBecome a PartnerMSPsPartner LocatorWebinars
Asset not found

Featured Customer Story

AppRiver Enhances Control over Active Directory While Significantly Reducing Auditing Time
Asset not found

Featured Customer Story

MSP Helps Client Recover from Ransomware in 6 Hours
Why Netwrix
About UsLeadershipNetwrix AICustomer StoriesRecognitionNewsCareers
Asset not found

Featured Customer Story

Horizon Leisure Centres Accelerates Data Classification to Comply with GDPR and Saves £80,000 Annually
Asset not found

Featured Customer Story

Samsung R&D Institute Secures Data with Cross-Platform Use and Fast macOS Deployment Using Netwrix Endpoint Protector
Resource centerHow-to-Guide
How to Detect Who Read a File on Windows File Servers

How to Detect Who Read a File on Windows File Servers

Native Auditing

  1. Navigate to the required file share → Right-click it and select "Properties".
  2. Switch to the "Security" tab → Click the "Advanced" button → Go to the "Auditing" tab → Click the "Add" button.
  3. Configure the following settings: Principal: "Everyone"; Type: "All"; Applies to: "This folder, subfolders and files"; Advanced Permissions: "List folder / read data" → Click "OK" three times.
  4. Log on to your domain controller and run gpmc.msc → Create a new GPO and define its name → Go to “Computer Policy” → Click “Computer Configuration” → Choose “Windows Settings” → Click “Security Settings” and enable the following settings:
    • Local Policies → Audit Policy → Audit object access → Define → Success and Failures
    • Advanced Audit Policy Configuration → System Audit Policies → Object Access → Audit File System → Define → Success and Failures
    • Advanced Audit Policy Configuration → System Audit Policies → Object Access → Audit Handle Manipulation → Define → Success and Failures
  5. Go to Event Log → Define and specify the following settings:
    • Maximum security log size: 4GB
    • Retention method for security log: “Overwrite events as needed”
  6. Link the new GPO to an OU with file servers as follows: Go to "Group Policy Management" → Right-click the OU → Click "Link an Existing GPO" → Select the GPO that you created.
  7. Force a Group Policy update on the selected OU: Go to "Group Policy Management" → Right-click the OU → Сlick "Group Policy Update".
  8. Open Event Viewer → Search the Security Windows Logs for event ID 4663 with the string "Accesses: ReadData (or ListDirectory)" and review who read or attempted to read files on your file servers.
Image

Netwrix Auditor for Windows File Servers

  1. To find access auditing events, run Netwrix Auditor → Navigate to “Search” → Click “Advanced mode” if not selected → Set up the following filters:
    • Filter = “Data source”
      Operator = “Equals”
      Value = “File Servers”
    • Filter = “Action”
      Operator = “Equals”
      Value = “Read”
  2. Click the “Search” button and review who read or attempted to read files on your file servers.
Image

Share on

Related Resources

Dig deeper with our related resources

Resource Center
eBook

Facilitating Data Loss Prevention with Netwrix Solutions

Data Loss Prevention
eBook

Deploying Software on Windows: Painful but it doesn't need to be

Endpoint Management