When I want to know who made a change to a file, I use shadow copy to find when the change occured, then check the file ownership to see who made the change.
This has often been useful in troubleshooting business issues, like "who changed the expiration data in that important contract?"
Unfortunately, when a Windows 7 user modifies a file, the ownership is not changed. And, when a file is created, the owner is Administrator.
When an XP user creates or modifies a file, the file owner reflects that person's alteration of the file.
Is there some sort of group policy that I need to modify to make Windows 7 computers work like XP computers?
I am running sbs 2003 SP2 on the server.