astrazx
asked on
How can I tell who has changed a File in Win2000
Is there some way to tell who has changed a file on Windows 2000 Server. The event viewer doesn't show if a file or folder has been deleted, moved, or modified. Unless I'm missing something, I would think that would be a must for adequit security? It should be in the system log. Is there any way to enable that?
Astrazx
Astrazx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> ? It should be in the system log. Is there any way to enable that?
No. You want what THEY won't give
> I would think that would be a must for adequit security?
logs take up space, require backups. remember that disk drives were not always that large. log files more robust usually use tape drives. did you get one of those?
> How can I tell who has changed a File in Win2000
Well, there is the Owner. To skip all records of changes and just look for last ones involved, goto Explorer, left click on title bar, (upper right) such as on Name. You get pop-up now listing more fields like this than you'd ever care to see, and less than what you desire. Enable a few of them to notice how well, or not, that they are used.
No. You want what THEY won't give
> I would think that would be a must for adequit security?
logs take up space, require backups. remember that disk drives were not always that large. log files more robust usually use tape drives. did you get one of those?
> How can I tell who has changed a File in Win2000
Well, there is the Owner. To skip all records of changes and just look for last ones involved, goto Explorer, left click on title bar, (upper right) such as on Name. You get pop-up now listing more fields like this than you'd ever care to see, and less than what you desire. Enable a few of them to notice how well, or not, that they are used.
Follow the comment postet by aprilmj and you should get what you want. If you only want to know who has changed some files then you don't have to audit failure events but only successful events.
I agree with Audit file object access but be careful! Choose only the files that are critical to watch and not your whole C:/ Drive for instance! The overhead associated with auditing is high and the more files you choose to monitor = a reduction in system response time. The log files can grow quite large as well. Unfortunately, most people want to audit files after an incident already occured. File Auditing is not turned on by default.
Burneweb
Burneweb
It's a two step process:
A primary Setting on the Server
The Other on the resource
and you're looking at Object Access
Change of a file is >> Successful Audit
As a complimentary Link to the above
Take a look at
http://www.earthweb.com/article/0,,10456_623821,00.html
Pretty Decent read..
./Donny
A primary Setting on the Server
The Other on the resource
and you're looking at Object Access
Change of a file is >> Successful Audit
As a complimentary Link to the above
Take a look at
http://www.earthweb.com/article/0,,10456_623821,00.html
Pretty Decent read..
./Donny
astrazx:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
will give you a pretty reasonable step-by-step guide :)