proximityworld
Who copied, deleted, moved files on my Windows Servers (auditing)
Hi,
I have been asked to research the best solution for auditing our Windows servers. We need to be able to find out who deleted, moved or copied files to and from the servers. We run a Windows 2008 R2 fully functional level domain and our file servers are 2003, 2003 R2 and 2008 R2.
I know this can be set up to report to the Event Viewer, but is this the only way, and what is the best tool to actually find this information?
I assume I will be asked questions like the following:
What files has user xxxx accessed?
List all the files that have been deleted
File xxx.doc has been deleted, who did it and when.
What are people using to do this? Is Splunk a good option here as we would get the option to monitor other types of logs and not just Microsoft ones.
Any information would be most welcome.
Best wishes
Michael
I use share alarm pro on 2 of my file servers. Good tool for only $30 per machine.
http://sharealarm.nsauditor.com/
Use the folder watcher functionality:
http://sharealarm.nsauditor.com/help/folder_watcher.html
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
http://www.quest.com/changeauditor-for-windows-file-servers/