Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

File access, modification or deletion logs

Posted on 2006-11-27
7
Medium Priority
?
213 Views
Last Modified: 2013-12-04
Is there a way to view a file acess history in xp or in conjunction on windows servers in an AD environment? The only thing I could find remotely close to this is the different time stamps for a files properties.

Basicly, is it logged anywhere either on an xp machine or in an active directory environment which user last viewed a file, who deleted a file, ect.
0
Comment
Question by:xDavidHx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 18024318
Via the use of file auditing - but it must be turned on for you to gain the above advantages:

http://support.microsoft.com/?id=310399
0
 

Author Comment

by:xDavidHx
ID: 18024368
can you enable auditing on all objects by default or do you have to manually enable it per object after enabling it in gp?

is there an option to audit all users under the object or do you have to manually create the list of users to audit?
0
 

Author Comment

by:xDavidHx
ID: 18024461
I just enabled failure and sucess auting on my pc, did a gpupdate /force

enabled file deletion sucess auditing on my C drive for the user im logged in with, deleted a file on my C drive and im not seeing the event in my event viewer security logs
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18025781
Auditing is available only for NTSF files and folders (and printers). After you enable "Object access" auditinig in policy you sholud go to Security tab of folder (file), click Advanced button, select Auditing tab and add proper group to enable auditing. I would suggest that you do not enable auditing for large group of users (for example Everyone) on entire drive. This would generate too many entries in your Security log.
0
 

Author Comment

by:xDavidHx
ID: 18033443
Did all that, still no security log entries
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18033525
xDavidHx - did you right-click the file(s)/folder(s) you want audited and choose Security?
From there, you'll need to click the Advanced button, Auditing tab, and add the users/groups that you want to audit, along with 'what' you want to audit...
After you've added the user(s)/group(s) - you can choose what to audit there...let me know if that doesn't solve it for you...
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18034674
Does your Auditing policy apply to proper computer account? You can use "gpresult" to check or you can enable auditing of account logon, logoff, logon again and check Security log. Any entries now?
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question