Solved

Is there a realistic way to log file share activity on Win 2008 server?

Posted on 2011-09-14
3
327 Views
Last Modified: 2012-05-12
We have had a few instances of folders on shares being deleted, and no one (obviously) admits to be doing it...  A few days ago, the entire contents of a folder was deleted, but not the folder itself.  I have seen plenty of times when a user accidentally drags a folder into an ajacent folder.  But now we are spending too much time restoring large folders from tape, so I'd like to identify who is doing it, and have a "chat" with them.

We have a modest amount of file usage during a day, our nighly incremental backups are upwards of 12 gigs.  I inagine these logs would get pretty big, that and never having the need to do so, has never needed me to look at this, until now.  I'd really only want to see deletions and moves I think...

It's a single Windows 2008 file server in a single AD domain.  The share is open to the "everyone" group.

If this were you, how would you go about tracking down the "culprit"?
0
Comment
Question by:mchad65
  • 2
3 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 36538958
You can purchase software to track it or you can try turning on the Audit feature.
I have mine turned on for that reason, but it is too early to tell who is deleting files.
Here is a link to explain how to turn it on:
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
0
 

Author Comment

by:mchad65
ID: 36543156
The build in auditing is unmanagable and vague.  It seems to create multiple log entries for a single file read access.  The log filled up in less then 30 seconds after turning it on.  That, and it doesn't seem to capture deletes, which is want I really need.  

Any recommendations on a 3rd party solution?
0
 
LVL 17

Accepted Solution

by:
pjam earned 500 total points
ID: 36543206
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question