I received an email today informing me that some folders had "gone missing" from the main network share. I was able to locate the files in question - it looked like someone had dragged and dropped them by mistake. I asked the individual whose username appeared in the created by folder property and they have protested their innocence - I tend to believe them, as if it had been them they would have been straight round to me in a panic.
Before I jump to the conclusion that it was another person who just happened to be using the first individual's unlocked PC, I wanted to know if there was any way of querying the AD to discover if the username was used to log on via a different machine and then the files moved.
(And before you start, don't mention file security, best practices etc. - I have been trying to get these implemented since I got here in Feb but nothing can be done without a policy - which I have written - but is yet to be agreed by the bods above!)