complete monitoring of files deleted moved and changed

I need to completely monitor a couple of directories on a fileserver, I need to know what the user upended/ deleted change/ a file or group of files and also if the file was moved where it was moved to, I would also like to notification if a group of files is being copied to another location, where that location is what the user is copying the files to IE USB .
This is a relatively small network of approximately hundred and 80 users and I think I have one user that is taking delight in moving files about for the hell of it, deleting bits of the file server and just generally making a mess
I have turned on file auditing but this still does not give me the detail I need

thank you in advance
LetchfordPAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
LetchfordPConnect With a Mentor Author Commented:
I think there is no anser
0
 
JohnjcesCommented:
If you have the policy enabled to report file and directory activity, about the only other thing you can do would be to install some folder and file monitoring software.

I do not know if this will work but you can have a look at:

http://fwutilities.wiki.sourceforge.net/

I saw some others on SourceForge (open source and free), and if I find them, I will post them.

With these tools you can set up watches on certain folders files. I do not know whether they will report back the PC or user accessing, changing deleting files etc. IMHO the certainly should.

John
0
 
LetchfordPAuthor Commented:
thank you for trying to answer the question but unfortunately I still cannot find any software that does the job
does anyone else have any suggestions, getting really desperate now!!
0
 
Alan Huseyin KayahanCommented:
Hi LetchfordP
     Audit logs are pretty detailed. But you should look at the log with the correct event ID. Please have a look at following PAQ of mine.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_22651773.html

Regards
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
One thing you definitely should do is make sure you have Volume Shadow Snapshots Service enabled and configured for those shares.  That way you can revert back to a previous version of the entire directory if you like... or at least view what it looked like at any point over the last 30 days.  

Technical Overview of VSS:  http://technet2.microsoft.com/windowsserver/en/library/89839cb1-c69f-426f-9e45-adf930c223541033.mspx

Then... if enabling auditing isn't enough, you can always deploy Windows Rights Management Service, but that's a much more complicated security measure and may be more than you are looking to do here.

Jeff
TechSoEasy
0
All Courses

From novice to tech pro — start learning today.