Solved

Tracking who deleted files on Windows Server 2003

Posted on 2010-08-26
1
888 Views
Last Modified: 2012-05-10
We had a folder deleted on our 2003 server and were looking to see who deleted. I followed the advice in link below, but did not do the trick. We need to know what file or folder was deleted and by who. Right now, I have 'Audit Object Access' under 'Audit Policty' set to track Sucess & Failure, but that does not track or specify the name of folder/file affected.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23211963.html 

Thank you.
0
Comment
Question by:htamraz1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 33532608
As described in the link in the question you've linked above:
How to audit user access of files, folders, and printers in Windows XP
http://support.microsoft.com/kb/310399 
Auditing the file system requires two things:
- Enabling the policy auditing for object access
- Enabling auditing on the files and folders to be audited (basically the same way you assign NTFS permissions)
If only the auditing policy was enabled, but there were no auditing ACLs on the files, then I'm afraid you'll just have to restore the deleted folder from backup and live with the fact that there's no way to retroactively find out who deleted the folder.
Don't get carried away if you're planning to enable it now, though; enabling auditing on all folders for all users can bring down the most powerful file server and flood your security event log.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question