?
Solved

Is there a realistic way to log file share activity on Win 2008 server?

Posted on 2011-09-14
3
Medium Priority
?
348 Views
Last Modified: 2012-05-12
We have had a few instances of folders on shares being deleted, and no one (obviously) admits to be doing it...  A few days ago, the entire contents of a folder was deleted, but not the folder itself.  I have seen plenty of times when a user accidentally drags a folder into an ajacent folder.  But now we are spending too much time restoring large folders from tape, so I'd like to identify who is doing it, and have a "chat" with them.

We have a modest amount of file usage during a day, our nighly incremental backups are upwards of 12 gigs.  I inagine these logs would get pretty big, that and never having the need to do so, has never needed me to look at this, until now.  I'd really only want to see deletions and moves I think...

It's a single Windows 2008 file server in a single AD domain.  The share is open to the "everyone" group.

If this were you, how would you go about tracking down the "culprit"?
0
Comment
Question by:mchad65
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 36538958
You can purchase software to track it or you can try turning on the Audit feature.
I have mine turned on for that reason, but it is too early to tell who is deleting files.
Here is a link to explain how to turn it on:
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
0
 

Author Comment

by:mchad65
ID: 36543156
The build in auditing is unmanagable and vague.  It seems to create multiple log entries for a single file read access.  The log filled up in less then 30 seconds after turning it on.  That, and it doesn't seem to capture deletes, which is want I really need.  

Any recommendations on a 3rd party solution?
0
 
LVL 17

Accepted Solution

by:
pjam earned 2000 total points
ID: 36543206
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question