how to trace which user/machine that deleted files in a common network share


I have a file server running on windows 2003 server. I setup a common share for recreation for users to push-pull (all users authenticate to the share as one single user). Now someone deleted a folder that is commonly used and this caused a commotion. How do I trace which user/machine did it? Thank you.

Who is Participating?

Improve company productivity with a Business Account.Sign Up

prerakgConnect With a Mentor Commented:
In case of multiple users using the shared resources as a single user on network its very difficult to trace who actually did it.

I faced similar issue and the only way i did it by guessing the time of event when last the folder was modified who actually was working that time can be checked with event messages of windows
Neil RussellTechnical Development LeadCommented:
You need to enable and use Auditing.

See this other thread here.
Neil RussellTechnical Development LeadCommented:
Multiple users as a single user? You allow generic logins on an AD Network?
uridimitriAuthor Commented:
Yes multiple users as a single user. I gave the same username & password to everyone who needs to access this shared folder. Well if it is difficult to trace then I'll just have to accept it. Thank you all.
uridimitriAuthor Commented:
Thanks for the info
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.