Hello all, I have recently deployed FIM on 2 servers and am a bit overwhelmed on a few things. I’m hoping someone can help guide me a bit. Currently I am getting data from the servers, but now need to tune it some and make my reports more useful. I am not a server admin but my role is LEM and its reports. My server guys will work with me to make changes if needed, but I have to guide them to what I need.
- Do I only need to enable the FIM connector on a server with the agent installed to get it working? I had seen some information at http://knowledgebase.solarwinds.com/kb/questions/3454/How+to+enable+file+auditing+in+Windows indicating I needed to enable file auditing on objects and files. Is this still necessary or is this just the “old way” relying strictly on Windows auditing?
- From reading https://thwack.solarwinds.com/thread/71564, I gather that there is no way to truly know if someone has opened a file, or simply opened the folder. I assume this is still the case? If so, is there any benefit to having the File: Read condition checked in the FIM monitor?
- Is there a use case for checking the condition check boxes for Permissions: Read, Other: Read, or Other: Write? One can assume that you have permissions to get to the share, if you get to it.
- I am having the issue that many actions are showing as user NT AUTHORITY\SYSTEM in File Audit reports, as . We are using LEM 6.1 and have the 6.1 agent installed. Any ideas?
- Any other suggestions you may have concerning making my data more useful with FIM would be appreciated.
Thank you