One of my clients has recently let go an employee. A week later all of their QuickBooks data has been deleted including all BU copies. This data was on a Windows SBS 2003 shared with only 4 people having permission to it. I am in the process of trying to recover the lost data now but I have a few questions. These seem simple enough, but I do not have the answers.
1. Is there a way to see who deletes a file either logged into a server or from a share on the network?
2. Looking through the Event Viewer, in the Systems section, there are print warnings for terminal server printers that are being purged from machine names that do not exist on the network and in the Security section, there are tons of successes around the time we think this happened. Is there a way to tell who logs in and out both terminally and locally?
3. (I had it now I can't remember it) I will have to ask it when I remember sorry!