Solved

Tracking deleted files on a Windows 2000 Server

Posted on 2006-10-19
1
187 Views
Last Modified: 2010-03-18
Hi

We are using a Windows 2000 SP4 server as our main file server. Client machines are using Windows XP SP2.

Very occasionally, we get users complaining that the odd folder on the file server has been deleted...we normally carry out a search for it and it turns out the folder
has been accidentally moved.

However, a user reported a bunch of folders and subfolders missing yesterday. We carried out a search to no avail, so we had to restore from backup.

Is there any way we can track/audit what happened to these files? I suppose we may be too late in this case, but perhaps in the future?

Many thanks
0
Comment
Question by:Dilan77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 9

Accepted Solution

by:
trenes earned 250 total points
ID: 17764624
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/13w2kadc.mspx
Auditing Files and Folders
If you configure a group policy to enable the Audit Object Access option, you can set the level of auditing for individual folders and files. This allows you to control precisely how folder and file usage is tracked. Auditing of this type is only available on NTFS volumes.

You can configure file and folder auditing by completing the following steps:

1. In Windows Explorer, right-click the file or folder to be audited, and then from the pop-up menu select Properties.
2. Choose the Security tab, and then click Advanced.
3. In the Access Control Settings dialog box, select the Auditing tab, shown in Figure 13-15.
4. If you want to inherit auditing settings from a parent object, ensure that Allow Inheritable Auditing Entries From Parent To Propagate To This Object is selected.
5. If you want child objects of the current object to inherit the settings, select Reset Auditing Entries On All Child Objects And Enable Propagation Of Inheritable Auditing Entries.
6. Use the Auditing Entries list box to select the users, groups, or computers whose actions you want to audit. To remove an account, select the account in the Auditing Entries list box, and then click Remove.
7. To add specific accounts, click Add, and then use the Select Users, Contacts, Computers, Or Groups dialog box to select an account name to add.

Note: If you want to audit actions for all users, use the special group Everyone. Otherwise, select the specific user groups or users, or both, that you want to audit.
 
8. As necessary, use the Apply Onto drop-down list box to specify where objects are audited.
9. Select the Successful or Failed check boxes, or both, for each of the events you want to audit. Successful logs successful events, such as successful file reads. Failed logs failed events, such as failed file deletions. The events you can audit are the same as the special permissions listed in Table 13-5—except you can't audit synchronizing of offline files and folders.

10.Choose OK when you're finished. Repeat this process to audit other users, groups, or computers.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 106
2 LAN/WAN on One Server 2 67
Cannot Change Local DNS 9 94
Monitor changes to folder and file permissions - automated reporting 6 106
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question