FileAudit Documentation
FileAudit Documentation
You are here: F.A.Q. > Troubleshooting > Events generated by windows search

Events generated by windows search

When a user uses the Windows search in an audited folder by FileAudit, this can generate some events depending on the configuration of the search.

Search

These are the different cases:

  1. If the search is performed in an indexed or not indexed folder, no events should be generated.

  2. If the search is performed in a folder that is not indexed, and has the File Contents search enabled, a read event will be generated for every file in the folder.

    File contents

  3. If the search is performed in an indexed folder with the content also indexed, this should not generate any event.

    Indexed locations

    Verify that index contents is checked:

    Advanced attributes

  4. The behavior is the same for the search performed in shared folders of File Servers. To setup the index search, it is necessary to install the Windows Search Service:

    Go to the Server Management Interface and click on Manage -> "Add Roles and Features"

    Manage

    Windows search service

    Installation progress

    Now enable the Indexing options on the Server. You have to add the share to the Search Index. Your server will index the files automatically. You can add a folder or an entire drive.

    The Indexing Options can be found in the Control Panel:

    Computer settings

    Click on modify:

    Indexing options

    And then add your drives and/or folders to the Index:

    Indexed locations

    Unfortunately, it is impossible to use Windows Search with DFS:
    https://social.msdn.microsoft.com/Forums/windowsdesktop/en-us/85525c46-1ab5-46e1-a288-e36561a6ffab/wds-40-and-dfs