Solved

how to trace which user/machine that deleted files in a common network share

Posted on 2011-03-17
5
696 Views
Last Modified: 2012-05-11
Hello,

I have a file server running on windows 2003 server. I setup a common share for recreation for users to push-pull (all users authenticate to the share as one single user). Now someone deleted a folder that is commonly used and this caused a commotion. How do I trace which user/machine did it? Thank you.

dimitri
0
Comment
Question by:uridimitri
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35154924
You need to enable and use Auditing.

See this other thread here.  http://www.experts-exchange.com/Networking/Network_Management/Auditing_Software/Q_22631265.html
0
 
LVL 2

Accepted Solution

by:
prerakg earned 500 total points
ID: 35155137
In case of multiple users using the shared resources as a single user on network its very difficult to trace who actually did it.

I faced similar issue and the only way i did it by guessing the time of event when last the folder was modified who actually was working that time can be checked with event messages of windows
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35155161
Multiple users as a single user? You allow generic logins on an AD Network?
0
 

Author Comment

by:uridimitri
ID: 35155373
Yes multiple users as a single user. I gave the same username & password to everyone who needs to access this shared folder. Well if it is difficult to trace then I'll just have to accept it. Thank you all.
0
 

Author Closing Comment

by:uridimitri
ID: 35155603
Thanks for the info
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now