File server auditing: Excluding certain files and file types

In order to improve the efficiency of audit reports, administrators auditing a file server may decide not to monitor certain files and file types. With ADAuditPlus' Exclude Configuration feature, certain files and file types can be excluded from auditing without having to modify the file selection by individual file or folder. As you can see in Figure 1, the Exclude Configuration feature allows you to omit files and specific file types that you don't want to monitor.Figure 1. The exclude Configuration feature helps you exclude certain files and file types from the auditing process. Administrators can exclude:

• Any file with a specific extension
• Any file under a specific folder
• A specific file in a specific folder

Files such as ~*, *.bak, *.tmp are excluded by default, and files and folders that support regular expressions can also be excluded. As an example, if you enter(?=e:\am$)*, this will exclude the folder am from the auditing process; however, ADAudit Plus will still audit events from subfolders of am.It should be noted that folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately. Similarly, process names can also be configured. As an example, by entering c:\test\process.exe, you can exclude a particular process. Admins can exclude a list of users from being audited by adding them to the Excluded Users List, as seen above. Check out ADAudit Plus' Exclude Configuration. It lets you easily exclude files and file types during the auditing process, and it improves overall efficiency. Download your free, 30-day trial of ADAudit Plus.