pteddy
asked on
How can I audit directory deletion?
I have a server on which I would like to audit when someone deletes a directory. I've done the following:
- right click on the drive root and selected properties
- selected security tab then 'Advanced'
- selected 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders'' from the 'Apply onto' drop down and check 'Delete'. Click OK.
Then I get a message saying that there is no audity policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?
Thanks
- right click on the drive root and selected properties
- selected security tab then 'Advanced'
- selected 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders'' from the 'Apply onto' drop down and check 'Delete'. Click OK.
Then I get a message saying that there is no audity policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?
Thanks
but of course there is 3'rd party sofwtare like QUEST to audit AD but there very expensive.
some examples:
http://www.netiq.com/products/cgad/default.asp?WT.srch=1&kw=active%20directory%20audits&gclid=CLSwjPfB_5YCFQpOMAodD3O0ZA
http://www.scriptlogic.com/Active_Directory_Auditing.asp
http://www.questsoftware.com.mx/intrust-for-active-directory/
some examples:
http://www.netiq.com/products/cgad/default.asp?WT.srch=1&kw=active%20directory%20audits&gclid=CLSwjPfB_5YCFQpOMAodD3O0ZA
http://www.scriptlogic.com/Active_Directory_Auditing.asp
http://www.questsoftware.com.mx/intrust-for-active-directory/
Do you want to audit just that PC or all the PCs in the enterprise?
- Kelvin
- Kelvin
ASKER
Kevin - I only want to do this on our file server.
Thanks
Thanks
any help from my links?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the answers. I will check out the links.
ASKER
haim96 - sorry, I thought I could accept more than one solution but apparently not. thanks for your answers. I am checking out your links.
Glad I could help : )
http://technet.microsoft.com/en-us/library/cc773319.aspx
server 2008 is far more advanced and you can read about it here:
http://technet.microsoft.com/en-us/library/cc731607.aspx