Recovering data and information on Win 2000 server.
I have a Windows 2000 server PDC network that one of my users quit and erased all of their files loaded on the server. What kind of accounting information can I find to be able to tell when the files were deleted and by what user and what time? The former employee did a lot of damage and we need to have this information. Thanks.
I am not fimiliar with Win 2000, but I suspect there is a folder with log files somewhere.
If you haven't enabled auditing on the machine and the folder in question prior to the event, there's pretty much nothing you can do to find out who deleted what when. Windows by itself doesn't log deletion or creation of files unless told so.
The only option to find out which files were deleted is restoring a backup of the folder in question to another location, then compare the contents of the of the deleted folder with the restored folder.
The only option to find out which files were deleted is restoring a backup of the folder in question to another location, then compare the contents of the of the deleted folder with the restored folder.
I concur with oBdA - unless you previously enabled auditing for file access, there list no way I've every heard of to get your data back. You can, of course, yank the drive(s) from the system and send them to a data recovery service, like OnTrack - but that would be my only suggestion - and there's no guarentee they will be able to recover the data or give any information on who deleted the files and/or when.
ASKER
I've recovered my data, my problem is I want to be able to tell when the files were deleted and by whom. I checked an auditing was not turned on. Is their anyother way to tell? Are their any third party applications that I can that will tell me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
John,
Did that help you sort it out at all?
If you need anyhelp setting either the Defult domain or local security policys for logging let me know.
in addtion there is a product call spectorCNE by spector software that provides for so really great user watching.
kelo501
Did that help you sort it out at all?
If you need anyhelp setting either the Defult domain or local security policys for logging let me know.
in addtion there is a product call spectorCNE by spector software that provides for so really great user watching.
kelo501
thanks hewittg