Members of the Power Users group will be able to discover shares residing on Windows file servers.
There are two ways to grant the user Read permission on all the audited shares:
a. Log in to any computer with Domain Admin privileges → Open MMC console → File → Add/Remove Snap-in → Select Local Users and Groups → Add → Another computer → Add target computer
b. Select target computer → Open Local Users and Groups → Select Groups → Right click on Administrators → Properties → Add the "ADAudit Plus" user.
c. Repeat the above steps for every audited Windows file server/cluster.
a. Login to any computer with Domain Admin privileges → Open MMC console → File → Add/Remove Snap-in → Select Shared Folders → Add → Another computer → Add target computer
b. Select target computer → Select share → Right click → Properties → Security → Edit → Add the "ADAudit Plus" user → Grant Read permission at both the Share and NTFS levels.
c. Repeat the above steps for every audited share.
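A scripted equivalent of the per-share steps above, as an added example that is not part of the product documentation. The server name, account name and share list are assumed placeholders, and the script is meant to be run from a session with Domain Admin privileges, as the steps require.

```powershell
# Added example. All default values below are placeholders (assumptions).
param(
    [string]   $Server  = 'FS01',                 # assumed file server name
    [string]   $Account = 'CONTOSO\ADAuditPlus',  # assumed logon name of the "ADAudit Plus" user
    [string[]] $Shares  = @('Finance', 'HR')      # assumed list of audited shares
)

$cim = New-CimSession -ComputerName $Server
try {
    foreach ($name in $Shares) {
        # Fail early if the share does not exist on the target server.
        Get-SmbShare -Name $name -CimSession $cim -ErrorAction Stop | Out-Null

        # Share-level Read. Skip when an Allow entry already exists so that
        # an existing entry for the account is left as it is.
        $existing = Get-SmbShareAccess -Name $name -CimSession $cim |
            Where-Object { $_.AccountName -eq $Account -and $_.AccessControlType -eq 'Allow' }
        if (-not $existing) {
            Grant-SmbShareAccess -Name $name -AccountName $Account `
                -AccessRight Read -CimSession $cim -Force | Out-Null
        }

        # NTFS Read on the share root, inherited by subfolders (CI) and files (OI).
        $unc = "\\$Server\$name"
        icacls $unc /grant "${Account}:(OI)(CI)R" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed for $unc" }

        # Read both ACLs back so the result can be reviewed per share.
        $shareAce = Get-SmbShareAccess -Name $name -CimSession $cim |
            Where-Object { $_.AccountName -eq $Account }
        $ntfsAce  = (Get-Acl -Path $unc).Access |
            Where-Object { $_.IdentityReference.Value -eq $Account }

        [pscustomobject]@{
            Share       = $unc
            ShareAccess = ($shareAce.AccessRight -join ', ')
            NtfsRights  = ($ntfsAce.FileSystemRights -join ', ')
        }
    }
}
finally {
    Remove-CimSession $cim
}
```

The output is one row per share showing the share-level and NTFS rights held by the account, which can be kept as a record of what was granted on each server.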
Note: DCOM and WMI permissions are needed for file cluster auditing and WMI mode of event collection, respectively.
a. Log in to any computer with Domain Admin privileges → Open Component Services → Connect to target computer → Right click on target computer → Properties → COM Security.
b. Navigate to Launch and Activation Permissions → Edit Limits → Security Limits → Add the "ADAudit Plus" user and grant all permissions.
c. Repeat the steps for every audited computer.
a. Log in to any computer with Domain Admin privileges → Run wmimgmt.msc → Right click on WMI Control → Connect to target computer.
b. Right click on WMI Control (target computer) → Properties → Security → CIMV2 → Security → Add the "ADAudit Plus" user and grant all permissions.
c. Repeat the steps for every audited computer.
Note: Read permission over C$ share (\\server_name\C$) is needed to access NetApp C-Mode log files.