Copy files from network drive

How can I find out who is moving files from a folder on our network share drive? We have a folder on the network share drive. Some files will disappeared every one min.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


First of all you can set this folder read-only
Second - I'm not sure whether standard windows tools allowing network logging, however you always can review opened network sessions by clicking right mouse button to the my computer, then manage, then shared folders there you can review the list of the shares, the list of current network sessions, the list of currently opened files.

Good luck
If you have an Active Directory Domain you can enable GPO directive to audit tha access to objects (folders and files). That will log entries on the security log of the server.
Even if no AD is implemented still you can monitor by analysing SECURITY event logs on server.

First enable following GP settings.
local comp policy > computer configuration  > windows setting > security setting > local policies > audit policies > AUDIT Obeject Access
Values should be selected for both SUCCESS, Failure

This will enable logging for all kind of object access on server. Then start analysing the security logs.
you will sure find the logs for moving files.

Success audit is not recommended as his will generate hugh logs & you need to clear logs frequently
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Is it really every 1 minute?

If so, that suggests something doing it automatically, like a script, over a person moving the files off.

You can use the suggestions above, but if you want to know where they ended up, I suggest using some inventory software.  You can google for some freeware type stuff, or even just write your own script using tools like psinfo.  Might take awhile, but it can be worthwhile.

Use following steps to find out who is deleting files.
1) Open event viewer > security  events > sort logs by catagories > look on OBJECT ACCESS catagory enteries.
2) Open any entry by double clicking. This will give you complete info like object accessed, user name, activity date/time.

I have pasted one screenshot if you need some idea.
Anil Kumar

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
if you find this helpful kindly provide feedback.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.