How to generate Who Accessed What Report?


Who Accessed What Report in NTFS Change Auditor allows you to report the all changes (Share Activities, File System Activities, Permissions Changes and Ownership Changes) done by specific user account(s) in your servers and workstations, since the application is configured for event data collection. To generate the Who Accessed What Report, perform the following steps:

  1. Configure object auditing as stated in Configure File System Object Auditing.

  2. Configure the event IDs 5140, 5142, 5143, 5144, 4663, 4670, shares, folders and files for which you want to run the report in Data Collector Settings for security event log data collection. For more information, click How to configure a host for data collection?

  3. To launch 'Who Accessed What Report' selection window, click menu in the toolbar. The 'Report Criteria' window will appear as shown below:

    To Configure user / group accounts , Click Click here to add user or group accounts menu.

  4. The 'Select User or Group Accounts' dialog is stated in How to add user or group using 'Select User or Group Accounts' dialog?

  5. Select one or more user or group accounts from 'Select User or Group Accounts' dialog.

  6. Specify the Date range for which you want to generate the reports for.

  7. Click Generate button to generate the report.

  8. Once the data collection is complete, the report will be generated in a report window as shown below:

You can also click Share Activities, File System Activities, Permissions Changes, Ownership Changes tabs to view all activities related to the selected user account(s).