Solved

File access, modification or deletion logs

Posted on 2006-11-27
7
208 Views
Last Modified: 2013-12-04
Is there a way to view a file acess history in xp or in conjunction on windows servers in an AD environment? The only thing I could find remotely close to this is the different time stamps for a files properties.

Basicly, is it logged anywhere either on an xp machine or in an active directory environment which user last viewed a file, who deleted a file, ect.
0
Comment
Question by:xDavidHx
  • 3
  • 2
  • 2
7 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 125 total points
ID: 18024318
Via the use of file auditing - but it must be turned on for you to gain the above advantages:

http://support.microsoft.com/?id=310399
0
 

Author Comment

by:xDavidHx
ID: 18024368
can you enable auditing on all objects by default or do you have to manually enable it per object after enabling it in gp?

is there an option to audit all users under the object or do you have to manually create the list of users to audit?
0
 

Author Comment

by:xDavidHx
ID: 18024461
I just enabled failure and sucess auting on my pc, did a gpupdate /force

enabled file deletion sucess auditing on my C drive for the user im logged in with, deleted a file on my C drive and im not seeing the event in my event viewer security logs
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18025781
Auditing is available only for NTSF files and folders (and printers). After you enable "Object access" auditinig in policy you sholud go to Security tab of folder (file), click Advanced button, select Auditing tab and add proper group to enable auditing. I would suggest that you do not enable auditing for large group of users (for example Everyone) on entire drive. This would generate too many entries in your Security log.
0
 

Author Comment

by:xDavidHx
ID: 18033443
Did all that, still no security log entries
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18033525
xDavidHx - did you right-click the file(s)/folder(s) you want audited and choose Security?
From there, you'll need to click the Advanced button, Auditing tab, and add the users/groups that you want to audit, along with 'what' you want to audit...
After you've added the user(s)/group(s) - you can choose what to audit there...let me know if that doesn't solve it for you...
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18034674
Does your Auditing policy apply to proper computer account? You can use "gpresult" to check or you can enable auditing of account logon, logoff, logon again and check Security log. Any entries now?
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question