How to create an alert for permission changes on critical shares

How to create an alert for permission changes on critical shares

Objective  

This article explains how to configure a real-time alert in ADAudit Plus to notify administrators whenever permissions are modified on specific, critical file shares.

Prerequisites  

  • You must have access to the ADAudit Plus web console with an administrator account or a technician account that has permissions to create alert profiles.

  • You need a list of the sensitive or critical shares you want to monitor.

  • Your file server must be configured in ADAudit Plus and successfully collecting security logs.

  • If you wish to receive notifications, the relevant services must be configured:

    • Email: SMTP server settings must be configured under Admin > General Settings > Server Settings.

    • SMS: Your SMS provider must be configured under Admin > General Settings > Server Settings > SMS.

    • Tickets: Your ticketing tool must be integrated under Admin > Configuration > Ticketing system Integration.

Steps to follow  

  1. Log in to the ADAudit Plus web console.
  2. Navigate to the Alerts tab and click New Alert Profile.

  3. Enter a relevant Name and Description for the alert (e.g., Critical Share Permission Change Alert).

  4. In the Report Profiles field, click the + symbol.

  5. In the Select Report Profile window, configure the following:

    • Domain: Select the domain where the file server resides.

    • Category: Choose File Audit.

    • Report Profile: Select the Folder Permission Changes report profile and click OK.

  1. Under Advanced Configuration, check the Filter box.

  2. Configure the filter to target your critical shares. Set the filter to:

    • Share Name | contains | [Enter the name of your critical share].


  1. In the Alert Actions section, enable your desired notification methods, such as E-mail Notification, SMS Notification, or Configure Auto Ticketing.

  2. Click Save to activate the alert profile.

Validation and confirmation  

  • Simulate the event: On your file server, navigate to one of the critical shares you included in the filter and modify its permissions (e.g., add or remove a user from the security settings).
  • Check the console: In the ADAudit Plus Alerts tab, verify that a new alert from this profile has been triggered, showing the permission change.

  • Verify notifications: Confirm that you have received the alert via email or any other notification channel you configured.

Tips  

  • Using the is in operator for the filter allows you to monitor multiple critical shares within a single alert profile.

  • For a proactive security posture, regularly audit the permissions of these shares using the built-in reports in addition to relying on real-time alerts.


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products