Is there a realistic way to log file share activity on Win 2008 server?
Posted on 2011-09-14
We have had a few instances of folders on shares being deleted, and no one (obviously) admits to doing it... A few days ago, the entire contents of a folder were deleted, but not the folder itself. I have seen plenty of times when a user accidentally drags a folder into an adjacent folder. But now we are spending too much time restoring large folders from tape, so I'd like to identify who is doing it, and have a "chat" with them.
We have a modest amount of file usage during a day; our nightly incremental backups are upwards of 12 gigs. I imagine these logs would get pretty big; that, and never having had the need to do so, is why I have never needed to look at this, until now. I'd really only want to see deletions and moves, I think...
It's a single Windows 2008 file server in a single AD domain. The share is open to the "everyone" group.
If this were you, how would you go about tracking down the "culprit"?