?
Solved

Tracking who deleted files on Windows Server 2003

Posted on 2010-08-26
1
Medium Priority
?
900 Views
Last Modified: 2012-05-10
We had a folder deleted on our 2003 server and were looking to see who deleted. I followed the advice in link below, but did not do the trick. We need to know what file or folder was deleted and by who. Right now, I have 'Audit Object Access' under 'Audit Policty' set to track Sucess & Failure, but that does not track or specify the name of folder/file affected.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23211963.html 

Thank you.
0
Comment
Question by:htamraz1
1 Comment
 
LVL 86

Accepted Solution

by:
oBdA earned 2000 total points
ID: 33532608
As described in the link in the question you've linked above:
How to audit user access of files, folders, and printers in Windows XP
http://support.microsoft.com/kb/310399 
Auditing the file system requires two things:
- Enabling the policy auditing for object access
- Enabling auditing on the files and folders to be audited (basically the same way you assign NTFS permissions)
If only the auditing policy was enabled, but there were no auditing ACLs on the files, then I'm afraid you'll just have to restore the deleted folder from backup and live with the fact that there's no way to retroactively find out who deleted the folder.
Don't get carried away if you're planning to enable it now, though; enabling auditing on all folders for all users can bring down the most powerful file server and flood your security event log.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Is your organization moving toward a cloud and mobile-first environment? In this transition, your IT department will encounter many challenges, such as navigating how to: Deploy new applications and services to a growing team Accommodate employee…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question