Journaling
Chtotoro, 2016-09-09 16:56:16

Is it possible to log file copying in Windows?

Good afternoon.
Initial data:
- A fleet of machines running Win 7, 8, 8.1 and 10;
- Server running Win Srv 2012 R2;
- The company's policy is to trust employees. All restrictions are introduced only to ensure the stable operation of systems and to protect against violations of license agreements.
Task:
- Keep logs of all user actions, so that in the event of a conflict, you can find who did what.
The list of conflict situations includes:
- Change;
- Removal;
- Transfer of data to third parties.
Due to company policy, you cannot block access to users and prevent data leakage.
With the logs for changing and deleting files, everything is pretty clear, but what about, for example, copying files to a USB flash drive? It is clear that you need to enter additional logs on each of the machines and track it there. What does the copy operation look like in the logs?
Also interested in the question, what to do, for example, with the transfer of files through personal mail? Is it possible to track it somehow?
I understand that for this it is better to purchase a DLP complex, but these are:
- Much more expensive;
- "Presses" on users with thoughts of constant surveillance;
- I personally do not like it because of access to personal information of employees (passwords, personal correspondence, etc.).
Thank you for your attention.

2 answer(s)
Roman Sokolov, 2016-09-09
@jimquery

Group policies prohibit USB drives, and external traffic can be transparently proxied and violations detected.

Eugene, 2016-09-09
@yellowmew

Focus primarily on SyavaSyava's answer. But remember: a trust relationship is a trust relationship, and information is information.
1. No matter how much the company trusts employees, not everyone should be given access to the file/report "financial statements of the organization".
Differentiate access to documents: working documents are separate, important information is managed by a specific person/department and is available at most for reading to everyone except them.
2. If an employee does not see a file to which he does not need access, this will prevent unnecessary temptations.
(In the properties of the file server, something like policy-based enumeration.)
3. Auditing access to file resources (what SyavaSyava prescribed) will allow you to record who worked with / got access to the document, and when.
4. In difficult cases, in which the use of DLP is really seen as necessary (forwarding from a computer from personal mail or via a messenger), nothing can be done. Really. Mozart once spiritualized Miserere without any smartphones or personal emails.
What can help here:
5. Develop a slight paranoia among employees on the subject of "measures are being taken to protect information." Hold events, make lists of protected documents. Sign, carry out all standard procedures. Employees will thus know that if something happens, it is "atata" (even if "atata" really cannot be done due to the failure to find out who is "atata").
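
An added example, not written by anyone in this thread, of the file-access auditing mentioned in point 3 and of what the question's "copy operation" looks like in the logs: Windows records no dedicated copy event, so a copy appears as event 4663 with ReadData on the source file and, where the destination is audited too, a write there. The folder path is a placeholder assumption; run it in an elevated session on the machine that holds the files.

```powershell
#Requires -RunAsAdministrator
# Added example. $Path is a placeholder for the audited folder's local path.
$Path = 'D:\Shares\Finance'

# 1. Enable the audit subcategories; without them audit rules produce no events.
#    "Removable Storage" (Windows 8 / Server 2012 and later) audits file objects
#    on removable devices and belongs on the workstations.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Removable Storage" /success:enable

# 2. Add an audit rule (SACL entry) to the folder and everything below it:
#    log successful reads, writes and deletes by anyone (S-1-1-0 = Everyone).
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Report the last day's 4663 events ("An attempt was made to access an object")
#    for that folder: who touched which file, with which process and access type.
$accessNames = [ordered]@{ 0x1 = 'ReadData'; 0x2 = 'WriteData'; 0x4 = 'AppendData'; 0x10000 = 'Delete' }
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    # Event fields arrive as <Data Name="...">value</Data> elements.
    ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    $mask = [Convert]::ToInt32($data['AccessMask'], 16)   # e.g. "0x1"
    [pscustomobject]@{
        Time    = $evt.TimeCreated
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        File    = $data['ObjectName']
        Process = $data['ProcessName']
        Access  = ($accessNames.Keys | Where-Object { $mask -band $_ } |
                   ForEach-Object { $accessNames[$_] }) -join ','
    }
} | Where-Object { $_.File -like "$Path*" } | Sort-Object Time
```

A ReadData entry alone does not distinguish opening a file from copying it, so the output supports after-the-fact investigation rather than proving a copy took place.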
