How can I audit directory deletion?

I have a server on which I would like to audit when someone deletes a directory. I've done the following:

- Right-clicked on the drive root and selected Properties
- Selected the Security tab, then 'Advanced'
- Selected the 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders' from the 'Apply onto' drop down and check 'Delete'. Click OK.

Then I get a message saying that there is no audit policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?

Thanks
pteddy Asked:
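
The auditing entry described in the question, scripted instead of clicked through (an added example, not part of the original thread). `D:\Shares`, the function names and the choice to audit successful deletes only are assumptions; it also assumes object access auditing is turned on in the local security policy, as the question describes. The second function lists any audit entry on the folder that covers more than Delete, which is worth checking when the Security log shows more than deletions.

```powershell
# Added example: the path and function names are placeholders, not from the thread.
# Run from an elevated prompt; changing a SACL needs the
# "Manage auditing and security log" user right.
$Path = 'D:\Shares'   # placeholder: root of the tree to watch

function Add-DeleteAudit {
    param([string]$Target)

    # -Audit makes Get-Acl return the SACL (audit entries) along with the DACL.
    $acl = Get-Acl -Path $Target -Audit

    # Delete only; ContainerInherit with no propagation flags corresponds to
    # "This folder and subfolders". Success-only auditing is an assumption.
    $rights  = [System.Security.AccessControl.FileSystemRights]::Delete
    $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $flags   = [System.Security.AccessControl.AuditFlags]::Success

    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', $rights, $inherit, $prop, $flags)

    $acl.AddAuditRule($rule)
    Set-Acl -Path $Target -AclObject $acl
}

function Get-BroadAuditRule {
    param([string]$Target)

    # Return audit entries (explicit or inherited) whose rights include
    # anything besides the Delete bit.
    $deleteBit = [int][System.Security.AccessControl.FileSystemRights]::Delete
    $rules = (Get-Acl -Path $Target -Audit).GetAuditRules($true, $true, [System.Security.Principal.NTAccount])
    $rules | Where-Object { ([int]$_.FileSystemRights -band (-bnot $deleteBit)) -ne 0 }
}

Add-DeleteAudit -Target $Path

# Show entries that audit more than Delete; no output means none were found.
Get-BroadAuditRule -Target $Path |
    Format-List IdentityReference, FileSystemRights, AuditFlags, IsInherited
```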

haim96 Commented:
Windows Server 2003 is limited with auditing on AD but I managed to find this:
http://technet.microsoft.com/en-us/library/cc773319.aspx

Server 2008 is far more advanced and you can read about it here:
http://technet.microsoft.com/en-us/library/cc731607.aspx


0
Kelvin_King Commented:
Do you want to audit just that PC or all the PCs in the enterprise?

- Kelvin
0
pteddy (Author) Commented:
Kelvin - I only want to do this on our file server.

Thanks
0
haim96 Commented:
Any help from my links?
0
Kelvin_King Commented:
There are many commercial auditing tools out there, but most of them are for large enterprises (i.e. auditing hundreds of client PCs with a centralized server).

In your case, I see not much point in buying them since you are only auditing one machine.

For starters, I suggest downloading Snare, which is an open source auditing program. It's actually capable of enterprise level auditing as well, so you could potentially deploy it in your organization.

Download the server and install a Windows agent on your file server
http://www.intersectalliance.com/snareserver/index.html

Hope that helps
- Kelvin
0

pteddy (Author) Commented:
Thanks for the answers. I will check out the links.
0
pteddy (Author) Commented:
haim96 - Sorry, I thought I could accept more than one solution but apparently not. Thanks for your answers. I am checking out your links.
0
Kelvin_King Commented:
Glad I could help : )
0
Windows Server 2003

Question has a verified solution.