?
Solved

Windows 2003 File Server - Delete Tracking

Posted on 2009-02-09
7
Medium Priority
?
859 Views
Last Modified: 2012-05-06
My file server is running Windows 2003 Enterprise R2.  Is there a way to track which user name deletes specific files?
0
Comment
Question by:deklinm
5 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 500 total points
ID: 23592964
Hi deklinm,

Yes. First enable Object access auditing on file server through local policy or with GPO. Then go to folder you wish to monitor, right click, select Properties, go to Security tab, click Advanced button go to Auditing tab. Select group/user you want to monito, select Delete file Success/failure. Then check security log for two events: 560 and 564 to extract info which user has succesfuly delete file.

Step-bystep guides:

"Define or modify auditing policy settings for an event category"
http://technet.microsoft.com/en-us/library/cc787268.aspx

"Apply or modify auditing policy settings for a local file or folder"
http://technet.microsoft.com/en-us/library/cc784387.aspx

HTH

Toni
0
 
LVL 9

Assisted Solution

by:L3370
L3370 earned 500 total points
ID: 23592978
Yes. You can set Auditing.

Here is a Microsoft KB article that describes the process.\
http://support.microsoft.com/kb/310399

You will have to specify the folders and files you want to audit.  

Also.. Make sure you have the space for this!  The logs on this kind of process can easily become large and unwieldy.  Make sure your event logs can reach the size or overwrite as needed.
0
 
LVL 9

Expert Comment

by:L3370
ID: 23592988
toniur, you are a worthy adversary...beat me to the punch :P
0
 
LVL 6

Assisted Solution

by:cobra09
cobra09 earned 500 total points
ID: 23593492
Enable Auditing is one part of the solution. Because it will throw 100 thousand entries making it difficult to track..

Please see the attached PDF.
System-Admin-Tips--How-to-audit-.pdf
0
 
LVL 3

Assisted Solution

by:superggg
superggg earned 500 total points
ID: 24262068

FileSure by bystorm software will do what you are looking for.
www.bystorm.com
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question