Re: Tracking file deletions on Win2K3 Servers

From: Myweb <meiweb@xxxxxx>
Date: Wed, 14 Mar 2007 11:33:02 +0000 (UTC)

Hello GCB,

Enable auditing on your folder's, that you will control.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

This is probably a very simple question but I would like to know how I
can keep track of which users delete files from one of my servers. I
have applied the usual security to users which means that some users
have access to some folders and not others etc.

Just lately files in various folders have been going missing, I tried
turning on auditing for the folder but found I was getting far more
information than was needed in the event logs, all I want to know is
which user/s are deleting files, is there any easier way of reporting
this, maybe either by a report being sent to an email address?

Many thanks in advance for any tips.
GCB

Prev by Date: "Running DLL as an App" - warning after Administrator login
Next by Date: Re: Power User Privilages XP/2000
Previous by thread: "Running DLL as an App" - warning after Administrator login
Next by thread: Re: Power User Privilages XP/2000
Index(es):
- Date
- Thread

Relevant Pages

Re: Permissions problem using IIS 4.0 and Windows NT 4 Server (Intranet)
... For any permissions problem, enable auditing, specifically file access ... failure auditing for Everyone and Guests for all files and folders on the ... > administrator of the server and domain. ...
(microsoft.public.inetserver.iis.security)
Re: CAN DELETION OF FILE BE TRACED?
... You won't be able to find much of anything after the fact, you need to enable auditing of file and folders if you want to keep track of these kind of events. ... Is it possible to detect who might have done so, amongst the users/IPs? ...
(microsoft.public.windowsxp.general)
Re: Audit Policies - help.
... > I am trying to set up an audit policy on my domain ... > controller to track the access to files and folders. ... > have selected to log the sucess and failure events. ... properties, Advanced to enable auditing. ...
(microsoft.public.win2000.security)
Re: file management
... If you enable auditing of object access on your computers ... and then enable auditing of the folders for only the two delete permissions you ... should be able to find out the user by looking in the security log for Event ID pairs ... instead of full or modify - at least to the folders only which can be done in special ...
(microsoft.public.security)
RE: user logons
... You would have to enable auditing to view who logged on or off your ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
(microsoft.public.win2000.security)