We are setting up CIFS auditing on Windows 2008. One of the items that the customer would like to audit is the permission changes on files/folders eg a new user has been allowed access to a folder/file.
Currently, they only see that a permission change has occurred on the folder - but not the user details ie which user was added or removed.
Is this something that can be audited, or have we missed out something on the audit setup?
In order to monitor the file and folder level operations, fpolicy is the best to implement, cifs audit can do few things only and along with it implement fpolicy, so you will have broad spectrum to watch the activity on your cifs users operations.