asked on

Who copied, deleted, moved files on my Windows Servers (auditing)

Hi,

I have been asked to research the best solution for auditing our Windows servers. We need to be able to find out who deleted, moved or copied files to and from the servers. We run a Windows 2008 r2 fully functional level domain and our file servers are 2003, 2003 r2 and 2008 r2.

I know this can be setup to report to the even viewer, but is this the only way and what is the best tool to actually find this information.

I assume I will asked question like the following :-

What files has user xxxx accessed?

List all the files that have been deleted

File xxx.doc has been deleted, who did it and when.

What are people using to do this? Is Splunk a good option here as we would get the option to monitor other types of logs and not just Microsoft ones.

An information would be most welcome.

Best wishes

Michael

KenMcF

Take a look at the products from Quest. I have used this in a DEV environment and have seen many demo's from Quest. It works really well and think it offers everything you are looking for.

http://www.quest.com/changeauditor-for-windows-file-servers/

king daddy

I use share alarm pro on 2 of my file servers. good tool for only $30 per machine.

http://sharealarm.nsauditor.com/

use the folder watcher functionality

http://sharealarm.nsauditor.com/help/folder_watcher.html

ASKER CERTIFIED SOLUTION

proximityworld

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Glen Knight

This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.