• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

how to trace which user/machine that deleted files in a common network share

Hello,

I have a file server running on windows 2003 server. I setup a common share for recreation for users to push-pull (all users authenticate to the share as one single user). Now someone deleted a folder that is commonly used and this caused a commotion. How do I trace which user/machine did it? Thank you.

dimitri
0
uridimitri
Asked:
uridimitri
  • 2
  • 2
1 Solution
 
Neil RussellTechnical Development LeadCommented:
You need to enable and use Auditing.

See this other thread here.  http://www.experts-exchange.com/Networking/Network_Management/Auditing_Software/Q_22631265.html
0
 
prerakgCommented:
In case of multiple users using the shared resources as a single user on network its very difficult to trace who actually did it.

I faced similar issue and the only way i did it by guessing the time of event when last the folder was modified who actually was working that time can be checked with event messages of windows
0
 
Neil RussellTechnical Development LeadCommented:
Multiple users as a single user? You allow generic logins on an AD Network?
0
 
uridimitriAuthor Commented:
Yes multiple users as a single user. I gave the same username & password to everyone who needs to access this shared folder. Well if it is difficult to trace then I'll just have to accept it. Thank you all.
0
 
uridimitriAuthor Commented:
Thanks for the info
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now