Solved

Is there a realistic way to log file share activity on Win 2008 server?

Posted on 2011-09-14
3
296 Views
Last Modified: 2012-05-12
We have had a few instances of folders on shares being deleted, and no one (obviously) admits to be doing it...  A few days ago, the entire contents of a folder was deleted, but not the folder itself.  I have seen plenty of times when a user accidentally drags a folder into an ajacent folder.  But now we are spending too much time restoring large folders from tape, so I'd like to identify who is doing it, and have a "chat" with them.

We have a modest amount of file usage during a day, our nighly incremental backups are upwards of 12 gigs.  I inagine these logs would get pretty big, that and never having the need to do so, has never needed me to look at this, until now.  I'd really only want to see deletions and moves I think...

It's a single Windows 2008 file server in a single AD domain.  The share is open to the "everyone" group.

If this were you, how would you go about tracking down the "culprit"?
0
Comment
Question by:mchad65
  • 2
3 Comments
 
LVL 17

Expert Comment

by:pjam
Comment Utility
You can purchase software to track it or you can try turning on the Audit feature.
I have mine turned on for that reason, but it is too early to tell who is deleting files.
Here is a link to explain how to turn it on:
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
0
 

Author Comment

by:mchad65
Comment Utility
The build in auditing is unmanagable and vague.  It seems to create multiple log entries for a single file read access.  The log filled up in less then 30 seconds after turning it on.  That, and it doesn't seem to capture deletes, which is want I really need.  

Any recommendations on a 3rd party solution?
0
 
LVL 17

Accepted Solution

by:
pjam earned 500 total points
Comment Utility
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now