complete monitoring of files deleted moved and changed

Last Modified: 2013-12-02
I need to completely monitor a couple of directories on a fileserver. I need to know what the user upended/deleted/changed (a file or group of files) and also, if the file was moved, where it was moved to. I would also like a notification if a group of files is being copied to another location, and what that location is that the user is copying the files to, i.e. USB.
This is a relatively small network of approximately a hundred and 80 users, and I think I have one user who is taking delight in moving files about for the hell of it, deleting bits of the file server and just generally making a mess.
I have turned on file auditing, but this still does not give me the detail I need.

Thank you in advance.

Commented:
If you have the policy enabled to report file and directory activity, about the only other thing you can do would be to install some folder and file monitoring software.

I do not know if this will work but you can have a look at:

http://fwutilities.wiki.sourceforge.net/

I saw some others on SourceForge (open source and free), and if I find them, I will post them.

With these tools you can set up watches on certain folders and files. I do not know whether they will report back the PC or user accessing, changing, deleting files etc. IMHO they certainly should.

John

Author

Commented:
Thank you for trying to answer the question, but unfortunately I still cannot find any software that does the job.
Does anyone else have any suggestions? Getting really desperate now!!
CERTIFIED EXPERT
Top Expert 2007

Commented:
Hi LetchfordP
Audit logs are pretty detailed, but you should look at the log with the correct event ID. Please have a look at the following PAQ of mine.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22651773.html

Regards
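
An added example, not part of the thread, of reading the audit log by event ID as suggested in the answer above. It assumes Windows Server 2008 or later, where file auditing logs event 4663 (object accessed) and 4660 (object deleted); the folder `D:\Shares\`, the account `CORP\jdoe` and the sample events are constructed, and only writes and deletes are covered.

```powershell
# Added example, not from the thread. Assumes Windows Server 2008 or later, where
# file auditing logs event 4663 (object accessed) and 4660 (object deleted).
$DELETE = 0x10000; $WRITE_DATA = 0x2; $APPEND_DATA = 0x4   # AccessMask bits

function ConvertTo-FileAuditRecord {
    param([Parameter(ValueFromPipeline = $true)][string]$EventXml,
          [string]$PathPrefix = 'D:\Shares\')        # hypothetical audited folder
    begin { $pending = @{} }   # HandleId -> path from a 4663 that used DELETE access
    process {
        $x = [xml]$EventXml
        $id = [int]$x.SelectSingleNode("//*[local-name()='EventID']").InnerText
        $time = $x.SelectSingleNode("//*[local-name()='TimeCreated']").GetAttribute('SystemTime')
        $d = @{}
        foreach ($n in $x.SelectNodes("//*[local-name()='Data']")) {
            $d[$n.GetAttribute('Name')] = $n.InnerText
        }
        $action = $null; $path = $d['ObjectName']
        if ($id -eq 4663 -and $path -and $path.StartsWith($PathPrefix, [StringComparison]::OrdinalIgnoreCase)) {
            $mask = [Convert]::ToInt32($d['AccessMask'], 16)
            if ($mask -band $DELETE) { $pending[$d['HandleId']] = $path }
            elseif ($mask -band ($WRITE_DATA -bor $APPEND_DATA)) { $action = 'Modified' }
        }
        elseif ($id -eq 4660 -and $pending.ContainsKey($d['HandleId'])) {
            # 4660 carries no file name; take it from the 4663 on the same handle.
            $action = 'Deleted'; $path = $pending[$d['HandleId']]
            $pending.Remove($d['HandleId'])
        }
        if ($action) {
            [pscustomobject]@{ Time = $time; User = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                               Action = $action; Path = $path }
        }
    }
}

# Constructed sample events, built as minimal event XML so the example runs offline.
function New-SampleEventXml([int]$Id, [hashtable]$Data) {
    $fields = ($Data.GetEnumerator() | ForEach-Object { "<Data Name='$($_.Key)'>$($_.Value)</Data>" }) -join ''
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><EventID>$Id</EventID>" +
    "<TimeCreated SystemTime='2013-12-02T09:15:00Z'/></System><EventData>$fields</EventData></Event>"
}
$who = @{ SubjectDomainName = 'CORP'; SubjectUserName = 'jdoe'; HandleId = '0x4a8' }
$sample = @(
    New-SampleEventXml 4663 ($who + @{ ObjectName = 'D:\Shares\Plans\q4.xls'; AccessMask = '0x10000' })
    New-SampleEventXml 4660 $who
    New-SampleEventXml 4663 ($who + @{ ObjectName = 'D:\Shares\Plans\notes.doc'; AccessMask = '0x2' })
)
# Against the live log, replace $sample with:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663,4660} -Oldest | ForEach-Object { $_.ToXml() }
$sample | ConvertTo-FileAuditRecord | Format-Table -AutoSize
```

Handle IDs are reused over time, so each 4660 is matched to the most recent 4663 on the same handle, which is why the events must be read oldest first.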
Jeffrey Kane - TechSoEasy, Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
One thing you definitely should do is make sure you have Volume Shadow Snapshots Service enabled and configured for those shares.  That way you can revert back to a previous version of the entire directory if you like... or at least view what it looked like at any point over the last 30 days.  

Technical Overview of VSS:  http://technet2.microsoft.com/windowsserver/en/library/89839cb1-c69f-426f-9e45-adf930c223541033.mspx

Then... if enabling auditing isn't enough, you can always deploy Windows Rights Management Service, but that's a much more complicated security measure and may be more than you are looking to do here.

Jeff
TechSoEasy
I think there is no answer
