how to trace which user/machine that deleted files in a common network share

Hello,

I have a file server running on windows 2003 server. I setup a common share for recreation for users to push-pull (all users authenticate to the share as one single user). Now someone deleted a folder that is commonly used and this caused a commotion. How do I trace which user/machine did it? Thank you.

dimitri
uridimitriAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
prerakgConnect With a Mentor Commented:
In case of multiple users using the shared resources as a single user on network its very difficult to trace who actually did it.

I faced similar issue and the only way i did it by guessing the time of event when last the folder was modified who actually was working that time can be checked with event messages of windows
0
 
Neil RussellTechnical Development LeadCommented:
You need to enable and use Auditing.

See this other thread here.  http://www.experts-exchange.com/Networking/Network_Management/Auditing_Software/Q_22631265.html
0
 
Neil RussellTechnical Development LeadCommented:
Multiple users as a single user? You allow generic logins on an AD Network?
0
 
uridimitriAuthor Commented:
Yes multiple users as a single user. I gave the same username & password to everyone who needs to access this shared folder. Well if it is difficult to trace then I'll just have to accept it. Thank you all.
0
 
uridimitriAuthor Commented:
Thanks for the info
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.