Is there a realistic way to log file share activity on Win 2008 server?

Posted on 2011-09-14
Medium Priority
Last Modified: 2012-05-12
We have had a few instances of folders on shares being deleted, and no one (obviously) admits to be doing it...  A few days ago, the entire contents of a folder was deleted, but not the folder itself.  I have seen plenty of times when a user accidentally drags a folder into an ajacent folder.  But now we are spending too much time restoring large folders from tape, so I'd like to identify who is doing it, and have a "chat" with them.

We have a modest amount of file usage during a day, our nighly incremental backups are upwards of 12 gigs.  I inagine these logs would get pretty big, that and never having the need to do so, has never needed me to look at this, until now.  I'd really only want to see deletions and moves I think...

It's a single Windows 2008 file server in a single AD domain.  The share is open to the "everyone" group.

If this were you, how would you go about tracking down the "culprit"?
Question by:mchad65
  • 2
LVL 17

Expert Comment

ID: 36538958
You can purchase software to track it or you can try turning on the Audit feature.
I have mine turned on for that reason, but it is too early to tell who is deleting files.
Here is a link to explain how to turn it on:

Author Comment

ID: 36543156
The build in auditing is unmanagable and vague.  It seems to create multiple log entries for a single file read access.  The log filled up in less then 30 seconds after turning it on.  That, and it doesn't seem to capture deletes, which is want I really need.  

Any recommendations on a 3rd party solution?
LVL 17

Accepted Solution

pjam earned 2000 total points
ID: 36543206

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question