Solved

File access, modification or deletion logs

Posted on 2006-11-27
7
207 Views
Last Modified: 2013-12-04
Is there a way to view a file acess history in xp or in conjunction on windows servers in an AD environment? The only thing I could find remotely close to this is the different time stamps for a files properties.

Basicly, is it logged anywhere either on an xp machine or in an active directory environment which user last viewed a file, who deleted a file, ect.
0
Comment
Question by:xDavidHx
  • 3
  • 2
  • 2
7 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 125 total points
ID: 18024318
Via the use of file auditing - but it must be turned on for you to gain the above advantages:

http://support.microsoft.com/?id=310399
0
 

Author Comment

by:xDavidHx
ID: 18024368
can you enable auditing on all objects by default or do you have to manually enable it per object after enabling it in gp?

is there an option to audit all users under the object or do you have to manually create the list of users to audit?
0
 

Author Comment

by:xDavidHx
ID: 18024461
I just enabled failure and sucess auting on my pc, did a gpupdate /force

enabled file deletion sucess auditing on my C drive for the user im logged in with, deleted a file on my C drive and im not seeing the event in my event viewer security logs
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18025781
Auditing is available only for NTSF files and folders (and printers). After you enable "Object access" auditinig in policy you sholud go to Security tab of folder (file), click Advanced button, select Auditing tab and add proper group to enable auditing. I would suggest that you do not enable auditing for large group of users (for example Everyone) on entire drive. This would generate too many entries in your Security log.
0
 

Author Comment

by:xDavidHx
ID: 18033443
Did all that, still no security log entries
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18033525
xDavidHx - did you right-click the file(s)/folder(s) you want audited and choose Security?
From there, you'll need to click the Advanced button, Auditing tab, and add the users/groups that you want to audit, along with 'what' you want to audit...
After you've added the user(s)/group(s) - you can choose what to audit there...let me know if that doesn't solve it for you...
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18034674
Does your Auditing policy apply to proper computer account? You can use "gpresult" to check or you can enable auditing of account logon, logoff, logon again and check Security log. Any entries now?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now