Solved

How can I audit directory deletion?

Posted on 2008-11-18
Last Modified: 2012-05-05
I have a server on which I would like to audit when someone deletes a directory. I've done the following:

- right click on the drive root and selected properties
- selected security tab then 'Advanced'
- selected 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders' from the 'Apply onto' drop down and check 'Delete'. Click OK.

Then I get a message saying that there is no audit policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?

Thanks
0
Question by:pteddy
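
A scripted equivalent of the steps in the question, as an added example that is not part of the original thread: it sets a Delete-only audit entry for Everyone on a folder and its subfolders, enables file system auditing, and then lists only the audit events that carry the DELETE access bit. Assumptions: Windows Server 2008 or later (the `auditpol` subcategory and event ID 4663), PowerShell 3 or later, an elevated session, and the hypothetical path `D:\Shares`.

```powershell
# Added example; D:\Shares is a hypothetical path. Run elevated on the file server.
$path = 'D:\Shares'

# 1. SACL: audit successful deletes by Everyone on this folder and its subfolders
#    (the GUI steps from the question: 'This folder and subfolders' + 'Delete').
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]::Delete,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 2. Audit policy: enable only the File System subcategory of Object Access
#    (assumption: Server 2008 or later; older systems only have the whole category).
auditpol /set /subcategory:"File System" /success:enable

# 3. Report: keep only event 4663 records whose access mask includes DELETE (0x10000)
#    and whose object lies under the audited path.
$DELETE = 0x10000
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $mask = [Convert]::ToInt32($d['AccessMask'], 16)
        if (($mask -band $DELETE) -and ($d['ObjectName'] -like "$path*")) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                Object  = $d['ObjectName']
                Process = $d['ProcessName']
            }
        }
    }
```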
 
LVL 13

Expert Comment

by:haim96
ID: 22988132
Windows Server 2003 is limited with auditing on AD but I managed to find this:
http://technet.microsoft.com/en-us/library/cc773319.aspx

Server 2008 is far more advanced and you can read about it here:
http://technet.microsoft.com/en-us/library/cc731607.aspx


0
 
LVL 13

Expert Comment

by:haim96
ID: 22988180
0
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 22991864
Do you want to audit just that PC or all the PCs in the enterprise?

- Kelvin
0

 

Author Comment

by:pteddy
ID: 22996841
Kelvin - I only want to do this on our file server.

Thanks
0
 
LVL 13

Expert Comment

by:haim96
ID: 22997260
Any help from my links?
0
 
LVL 13

Accepted Solution

by:
Kelvin_King earned 375 total points
ID: 23000493
There are many commercial auditing tools out there, but most of them are for large enterprises (i.e., auditing hundreds of client PCs with a centralized server).

In your case, I see not much point in buying them since you are only auditing one machine.

For starters, I suggest downloading Snare, which is an open source auditing program. It's actually capable of enterprise level auditing as well, so you could potentially deploy it in your organization.

Download the server and install a Windows agent on your file server:
http://www.intersectalliance.com/snareserver/index.html

Hope that helps
- Kelvin
0
 

Author Comment

by:pteddy
ID: 23005482
Thanks for the answers. I will check out the links.
0
 

Author Comment

by:pteddy
ID: 23005498
haim96 - sorry, I thought I could accept more than one solution but apparently not. Thanks for your answers. I am checking out your links.
0
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 23009689
Glad I could help : )
0
