Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Tracking deleted files on a Windows 2000 Server

Posted on 2006-10-19
1
Medium Priority
?
195 Views
Last Modified: 2010-03-18
Hi

We are using a Windows 2000 SP4 server as our main file server. Client machines are using Windows XP SP2.

Very occasionally, we get users complaining that the odd folder on the file server has been deleted...we normally carry out a search for it and it turns out the folder
has been accidentally moved.

However, a user reported a bunch of folders and subfolders missing yesterday. We carried out a search to no avail, so we had to restore from backup.

Is there any way we can track/audit what happened to these files? I suppose we may be too late in this case, but perhaps in the future?

Many thanks
0
Comment
Question by:Dilan77
1 Comment
 
LVL 9

Accepted Solution

by:
trenes earned 750 total points
ID: 17764624
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/13w2kadc.mspx
Auditing Files and Folders
If you configure a group policy to enable the Audit Object Access option, you can set the level of auditing for individual folders and files. This allows you to control precisely how folder and file usage is tracked. Auditing of this type is only available on NTFS volumes.

You can configure file and folder auditing by completing the following steps:

1. In Windows Explorer, right-click the file or folder to be audited, and then from the pop-up menu select Properties.
2. Choose the Security tab, and then click Advanced.
3. In the Access Control Settings dialog box, select the Auditing tab, shown in Figure 13-15.
4. If you want to inherit auditing settings from a parent object, ensure that Allow Inheritable Auditing Entries From Parent To Propagate To This Object is selected.
5. If you want child objects of the current object to inherit the settings, select Reset Auditing Entries On All Child Objects And Enable Propagation Of Inheritable Auditing Entries.
6. Use the Auditing Entries list box to select the users, groups, or computers whose actions you want to audit. To remove an account, select the account in the Auditing Entries list box, and then click Remove.
7. To add specific accounts, click Add, and then use the Select Users, Contacts, Computers, Or Groups dialog box to select an account name to add.

Note: If you want to audit actions for all users, use the special group Everyone. Otherwise, select the specific user groups or users, or both, that you want to audit.
 
8. As necessary, use the Apply Onto drop-down list box to specify where objects are audited.
9. Select the Successful or Failed check boxes, or both, for each of the events you want to audit. Successful logs successful events, such as successful file reads. Failed logs failed events, such as failed file deletions. The events you can audit are the same as the special permissions listed in Table 13-5—except you can't audit synchronizing of offline files and folders.

10.Choose OK when you're finished. Repeat this process to audit other users, groups, or computers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question