We help IT Professionals succeed at work.

complete monitoring of files deleted moved and changed

Medium Priority
Last Modified: 2013-12-02
I need to completely monitor a couple of directories on a fileserver, I need to know what the user upended/ deleted change/ a file or group of files and also if the file was moved where it was moved to, I would also like to notification if a group of files is being copied to another location, where that location is what the user is copying the files to IE USB .
This is a relatively small network of approximately hundred and 80 users and I think I have one user that is taking delight in moving files about for the hell of it, deleting bits of the file server and just generally making a mess
I have turned on file auditing but this still does not give me the detail I need

thank you in advance
Watch Question

If you have the policy enabled to report file and directory activity, about the only other thing you can do would be to install some folder and file monitoring software.

I do not know if this will work but you can have a look at:


I saw some others on SourceForge (open source and free), and if I find them, I will post them.

With these tools you can set up watches on certain folders files. I do not know whether they will report back the PC or user accessing, changing deleting files etc. IMHO the certainly should.



thank you for trying to answer the question but unfortunately I still cannot find any software that does the job
does anyone else have any suggestions, getting really desperate now!!
Top Expert 2007

Hi LetchfordP
     Audit logs are pretty detailed. But you should look at the log with the correct event ID. Please have a look at following PAQ of mine.

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

One thing you definitely should do is make sure you have Volume Shadow Snapshots Service enabled and configured for those shares.  That way you can revert back to a previous version of the entire directory if you like... or at least view what it looked like at any point over the last 30 days.  

Technical Overview of VSS:  http://technet2.microsoft.com/windowsserver/en/library/89839cb1-c69f-426f-9e45-adf930c223541033.mspx

Then... if enabling auditing isn't enough, you can always deploy Windows Rights Management Service, but that's a much more complicated security measure and may be more than you are looking to do here.

I think there is no anser

Explore More ContentExplore courses, solutions, and other research materials related to this topic.