[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 239
  • Last Modified:

log files on small business server 2011

My Boss wants me to find out something.  There are two admin accounts on an SBS 2011 server we have.  One of the admin's  "wasn't me" !!  un selected a few check boxes when doing a properties of a public folder in exchange, and it caused some email to get deleted faster than it should have.  He believes there should be an "audit trail" in the OS somewhere that would say who, and when said person might have made a change.  I can't find it anywhere, but that is not to see it's not there.   Would anyone out there have any idea where I might look for that kind of thing in the logs?
0
micromark1
Asked:
micromark1
2 Solutions
 
EdservGCommented:
Hi, Micromark1.

The log exist, but is not enable by default. You need to enable audit policys to obtain this.

Who and when make this in past are not possible to get.. However you can power on this audit configuration and take possible to view it on future.

Thanks,
Edserv
0
 
Detlef001Commented:
If the changes are made then it is very difficult to guess who did what. You can check on the windows log but yes that too on a note that the auditing must be enabled.

You can check that at the security log events. That can enrich you the exact details. And for future instances you can have a look at an third party file server monitoring application.

Have a look.

Thanks.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now