Return to

Local Group Auditing for Windows Server


Hello, I am currently been tasked with looking into server security for a non-profit organization. They currently have a windows server 2012 R2 setup and no AD. I have hit a little roadblock with my research and seek some knowledge. I am looking for a group audit policy for one reason only, to find out which user deleted files from network share that is located on the server. Some context here. I have already been in talks with Netwrix (Windows Server Module) and looked into Varonis pricing including non profit pricing and seems to be around $900 for non-profit pricing.
The windows server has multiple local users on the server and are just created for network share as all the laptops they buy only come with windows 10 home. Long Story Short I am looking for something simple and basic to see who changing and editing files that is better then the built in windows policy.

Any help is much appreciated

Note: This is my first forum post ever



just enable file auditing in group policy for the user group?

I dont understand what you’re asking for I guess.

Welcome to the forum.



Sorry I apologize. I am looking for software that is clear and easy for the coordinator of the non-profit to see which user is deleting and edit files



There really isnt tbh. The solution in my eyes is to revoke delete permissions for that user group and put someone in charge of that. Editing can also be locked down the the user that created the file but probably not ideal.

I have to wonder why they have server 2012 in the first place? Why no AD? This could have been solved easily with a synology nas. I suppose theres xpenology but thats a weird solution as well.

windows server has built in auditing tools but if the users are not authing via AD theres no way even a third party software will work to show that information because not even windows knows.

1 Like


I have found a cheap solution: PA File Sight Lite
$200 USD for 1 time license
and it works for local users as well.