complete monitoring of files deleted moved and changed

I need to completely monitor a couple of directories on a fileserver, I need to know what the user upended/ deleted change/ a file or group of files and also if the file was moved where it was moved to, I would also like to notification if a group of files is being copied to another location, where that location is what the user is copying the files to IE USB .
This is a relatively small network of approximately hundred and 80 users and I think I have one user that is taking delight in moving files about for the hell of it, deleting bits of the file server and just generally making a mess
I have turned on file auditing but this still does not give me the detail I need

thank you in advance
LetchfordPAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnjcesCommented:
If you have the policy enabled to report file and directory activity, about the only other thing you can do would be to install some folder and file monitoring software.

I do not know if this will work but you can have a look at:

http://fwutilities.wiki.sourceforge.net/

I saw some others on SourceForge (open source and free), and if I find them, I will post them.

With these tools you can set up watches on certain folders files. I do not know whether they will report back the PC or user accessing, changing deleting files etc. IMHO the certainly should.

John
0
LetchfordPAuthor Commented:
thank you for trying to answer the question but unfortunately I still cannot find any software that does the job
does anyone else have any suggestions, getting really desperate now!!
0
Alan Huseyin KayahanCommented:
Hi LetchfordP
     Audit logs are pretty detailed. But you should look at the log with the correct event ID. Please have a look at following PAQ of mine.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22651773.html

Regards
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
One thing you definitely should do is make sure you have Volume Shadow Snapshots Service enabled and configured for those shares.  That way you can revert back to a previous version of the entire directory if you like... or at least view what it looked like at any point over the last 30 days.  

Technical Overview of VSS:  http://technet2.microsoft.com/windowsserver/en/library/89839cb1-c69f-426f-9e45-adf930c223541033.mspx

Then... if enabling auditing isn't enough, you can always deploy Windows Rights Management Service, but that's a much more complicated security measure and may be more than you are looking to do here.

Jeff
TechSoEasy
0
LetchfordPAuthor Commented:
I think there is no anser
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.