Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 903
  • Last Modified:

Tracking who deleted files on Windows Server 2003

We had a folder deleted on our 2003 server and were looking to see who deleted. I followed the advice in link below, but did not do the trick. We need to know what file or folder was deleted and by who. Right now, I have 'Audit Object Access' under 'Audit Policty' set to track Sucess & Failure, but that does not track or specify the name of folder/file affected.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23211963.html 

Thank you.
0
htamraz1
Asked:
htamraz1
1 Solution
 
oBdACommented:
As described in the link in the question you've linked above:
How to audit user access of files, folders, and printers in Windows XP
http://support.microsoft.com/kb/310399 
Auditing the file system requires two things:
- Enabling the policy auditing for object access
- Enabling auditing on the files and folders to be audited (basically the same way you assign NTFS permissions)
If only the auditing policy was enabled, but there were no auditing ACLs on the files, then I'm afraid you'll just have to restore the deleted folder from backup and live with the fact that there's no way to retroactively find out who deleted the folder.
Don't get carried away if you're planning to enable it now, though; enabling auditing on all folders for all users can bring down the most powerful file server and flood your security event log.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now