Solved

Tracking deleted files on a Windows 2000 Server

Posted on 2006-10-19
Last Modified: 2010-03-18
Hi

We are using a Windows 2000 SP4 server as our main file server. Client machines are using Windows XP SP2.

Very occasionally, we get users complaining that the odd folder on the file server has been deleted...we normally carry out a search for it and it turns out the folder has been accidentally moved.

However, a user reported a bunch of folders and subfolders missing yesterday. We carried out a search to no avail, so we had to restore from backup.

Is there any way we can track/audit what happened to these files? I suppose we may be too late in this case, but perhaps in the future?

Many thanks
Question by:Dilan77

Accepted Solution

by: trenes (earned 250 total points, ID: 17764624)
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/13w2kadc.mspx
Auditing Files and Folders
If you configure a group policy to enable the Audit Object Access option, you can set the level of auditing for individual folders and files. This allows you to control precisely how folder and file usage is tracked. Auditing of this type is only available on NTFS volumes.

You can configure file and folder auditing by completing the following steps:

1. In Windows Explorer, right-click the file or folder to be audited, and then from the pop-up menu select Properties.
2. Choose the Security tab, and then click Advanced.
3. In the Access Control Settings dialog box, select the Auditing tab, shown in Figure 13-15.
4. If you want to inherit auditing settings from a parent object, ensure that Allow Inheritable Auditing Entries From Parent To Propagate To This Object is selected.
5. If you want child objects of the current object to inherit the settings, select Reset Auditing Entries On All Child Objects And Enable Propagation Of Inheritable Auditing Entries.
6. Use the Auditing Entries list box to select the users, groups, or computers whose actions you want to audit. To remove an account, select the account in the Auditing Entries list box, and then click Remove.
7. To add specific accounts, click Add, and then use the Select Users, Contacts, Computers, Or Groups dialog box to select an account name to add.

Note: If you want to audit actions for all users, use the special group Everyone. Otherwise, select the specific user groups or users, or both, that you want to audit.
 
8. As necessary, use the Apply Onto drop-down list box to specify where objects are audited.
9. Select the Successful or Failed check boxes, or both, for each of the events you want to audit. Successful logs successful events, such as successful file reads. Failed logs failed events, such as failed file deletions. The events you can audit are the same as the special permissions listed in Table 13-5—except you can't audit synchronizing of offline files and folders.

10. Choose OK when you're finished. Repeat this process to audit other users, groups, or computers.
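Once auditing is enabled as the answer above describes, a deletion appears in the Security log as event 560 (object open, which carries the path and user) followed by event 564 (object deleted, which carries only the handle). The sketch below is an added example, not part of the original thread or the quoted Microsoft text: it correlates the two by process and handle ID, and handles handle reuse and a 564 whose 560 is no longer in the log. The text export format, the subset of fields and all sample records are constructed assumptions.

```python
# Constructed sample (assumed simplified export: "Field: value" lines, blank line between records).
SAMPLE_LOG = r"""
EventID: 560
Time: 2006-10-18 14:02:11
Object Name: D:\Shares\Projects\Budget
New Handle ID: 1348
Process ID: 8
Client User Name: jsmith

EventID: 562
Handle ID: 1348
Process ID: 8

EventID: 560
Time: 2006-10-18 14:05:40
Object Name: D:\Shares\Projects\Archive
New Handle ID: 1348
Process ID: 8
Client User Name: mbrown

EventID: 564
Time: 2006-10-18 14:05:40
Handle ID: 1348
Process ID: 8

EventID: 564
Time: 2006-10-18 14:09:02
Handle ID: 2200
Process ID: 8
"""

def parse_records(text):
    """Split the export into one dict of field name -> value per record."""
    for block in text.strip().split("\n\n"):
        yield dict(line.split(": ", 1) for line in block.splitlines())

def find_deletions(text):
    """Return (time, user, path) for every 564, matched to its 560 by process and handle."""
    open_handles, deletions = {}, []
    for rec in parse_records(text):
        key = (rec["Process ID"], rec.get("New Handle ID") or rec.get("Handle ID"))
        if rec["EventID"] == "560":      # object opened: remember who opened what
            open_handles[key] = (rec["Client User Name"], rec["Object Name"])
        elif rec["EventID"] == "562":    # handle closed: the ID may be reused later
            open_handles.pop(key, None)
        elif rec["EventID"] == "564":    # object deleted through this handle
            user, path = open_handles.get(key, ("<unknown>", "<no matching 560>"))
            deletions.append((rec["Time"], user, path))
    return deletions
```

An unmatched 564 usually means the Security log wrapped before the matching 560 was read, so the log size and retention settings matter as much as the audit entries themselves.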
