How can I audit directory deletion?

I have a server on which I would like to audit when someone deletes a directory. I've done the following:

- right click on the drive root and selected properties
- selected security tab then 'Advanced'
- selected 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders'' from the 'Apply onto' drop down and check 'Delete'. Click OK.

Then I get a message saying that there is no audity policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?

Thanks
pteddyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

haim96Commented:
windows server 2003 is limited with auditing on AD but i managed to find this:
http://technet.microsoft.com/en-us/library/cc773319.aspx

server 2008 is far more advanced and you can read about it here:
http://technet.microsoft.com/en-us/library/cc731607.aspx


Kelvin_KingCommented:
Do you want to audit just that PC or all the PCs in the enterprise?

- Kelvin
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

pteddyAuthor Commented:
Kevin - I only want to do this on our file server.

Thanks
haim96Commented:
any help from my links?
Kelvin_KingCommented:
There are many commercial auditing tools out there, but most of them are for large enterprises (i.e auditing hundreds of clients PCs with a centralized server).

In your case, I see not much point in buying them since you are only auditing one machine.

For starters, I suggest downloading Snare, which is an open source auditing program. It's actually capable of enterprise level auditing as well, so you could potentially deploy it in your organization.

Download the server and install a Windows agent on your file server
http://www.intersectalliance.com/snareserver/index.html

Hope that helps
- Kelvin

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pteddyAuthor Commented:
Thanks for the answers. I will check out the links.
pteddyAuthor Commented:
haim96 - sorry, I thought I could accept more than one solution but apparently not. thanks for your answers. I am checking out your links.
Kelvin_KingCommented:
Glad I could help : )
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.