Windows 2003 File Server - Delete Tracking

Posted on 2009-02-09
Last Modified: 2012-05-06
My file server is running Windows 2003 Enterprise R2.  Is there a way to track which user name deletes specific files?
Question by:deklinm
    LVL 31

    Accepted Solution

    Hi deklinm,

    Yes. First enable Object access auditing on file server through local policy or with GPO. Then go to folder you wish to monitor, right click, select Properties, go to Security tab, click Advanced button go to Auditing tab. Select group/user you want to monito, select Delete file Success/failure. Then check security log for two events: 560 and 564 to extract info which user has succesfuly delete file.

    Step-bystep guides:

    "Define or modify auditing policy settings for an event category"

    "Apply or modify auditing policy settings for a local file or folder"


    LVL 9

    Assisted Solution

    Yes. You can set Auditing.

    Here is a Microsoft KB article that describes the process.\

    You will have to specify the folders and files you want to audit.  

    Also.. Make sure you have the space for this!  The logs on this kind of process can easily become large and unwieldy.  Make sure your event logs can reach the size or overwrite as needed.
    LVL 9

    Expert Comment

    toniur, you are a worthy adversary...beat me to the punch :P
    LVL 6

    Assisted Solution

    Enable Auditing is one part of the solution. Because it will throw 100 thousand entries making it difficult to track..

    Please see the attached PDF.
    LVL 3

    Assisted Solution


    FileSure by bystorm software will do what you are looking for.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    It is a known fact that servers reach the end of their lives. Some get there quicker than others, based on age, manufacturer, usage and several other factors. However, if your organization has spent time deploying Microsoft's Active Directory server…
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now