File Share, Security and Audit on Windows Server 2016
Customer wanted to have the ability to share, give special permissions and know who deleted the file or folder. We can achieve the request by using windows server. Creating a folder and sharing is very simple, but when you want to give access to one user over other user, it becomes a bit of a challenge, but if you plan it out correctly, then it becomes an easy task.
First, we created all the users in the Windows Active Directory based on the customers need. Then we create groups and add the user into the group. Then the folder is created with specific permissions, such as read/write/delete etc. Appropriate group is added to folder security.
We use AD Groups and add them into the folder securities because it's much easier to add/remove users in AD Groups than change the folder security permission.
Once this is done, we enable auditing on the local machine policy and enable the auditing on the folder to capture events such as deleting files or folders on the event viewer.
It’s a pretty simple process but it requires a bit of planning to get the file sharing done correctly with correct security. It's crucial that files and folders are viewed by intended users.