Move\Store deleted files & log user
Hi
We have an issue where a member of an organisation is under suspected to be deleting files, what we really need to do is:
A) Be able to prove that this person is deleting files so require some sort of logging
B) Have any files that are deleted moved to another folder instead of their default location (Instead of the recycle bin etc.)
Is there a way to do this?
I understand that we can enable auditing but is changing the location that deleted files go to possible?
We have an issue where a member of an organisation is under suspected to be deleting files, what we really need to do is:
A) Be able to prove that this person is deleting files so require some sort of logging
B) Have any files that are deleted moved to another folder instead of their default location (Instead of the recycle bin etc.)
Is there a way to do this?
I understand that we can enable auditing but is changing the location that deleted files go to possible?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the input but what we really require is to capture the deleted files into a "recycle Bin" The concern is that one of the staff may/has deleted files which should not have been deleted. The bigger issue is that staff may not even be aware of these files even exist as this person is top of the tree in the business. UNDELETE is a good program and has worked for customers in the passed but he would have to authorise this purchase. Not a good idea. So we need to do this on the "Cheap"
As I said in my previous post there is no need for 3rd party software. Use Windows Shadow copies, set it to create snapshots every 25 min and when the need arises open up previous versions and restore the file.
DirkMare
DirkMare
ASKER
We are well aware of Shadow copy but this does not help if we do not know what has been deleted. Further Shadow copy will not keep previous versions forever. The idea is to trap the deleted files so we can see what is going on with this guy. So we need a "poor mans" version of Undelete. Any idea's welcome.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Strangely enough I had already done this but was still hoping for a "Recycle Bin" type solution. Scrolling thought logs looking for deleted files is time consuming and painful. Just looking for an easy life.
You can setup Event Log Subscriptions that will email you in the event that a file is deleted..
Why dont you just explicitly deny the user the right to delete files and folders?
DirkMare
Why dont you just explicitly deny the user the right to delete files and folders?
DirkMare
ASKER
Could do this but he is the CEO (going rouge) oppssssss.
Seems like you are in n bit of a spot. Having something that is a couple of minutes old is better than having nothing.
You can play the naive game and say you dont know whats going on and you will investigate. And seeing that he is doing this on purpose i doubt he will be knocking on your door asking you what's going on.
DirkMare
You can play the naive game and say you dont know whats going on and you will investigate. And seeing that he is doing this on purpose i doubt he will be knocking on your door asking you what's going on.
DirkMare
ASKER
Its all a bit political, without giving anything away he could well be on his way to the dole queue but for now we have to act like all is well. He has caused some serious issues over the last few months and managed to talk to Board in to keeping him. Not everyone is aware of the issues and we are talking to "seconds" in command for now. They don't want to invest in purchase of software as this will alert him. As usual IT have to put up with all of this. I may install a trial of Undelete for now hoping it resolves is self in the mean time.
Thanks everyone for your input.
Thanks everyone for your input.
Have you considered using VSS and Previous Versions?
http://technet.microsoft.com/en-us/magazine/dd637757.aspx
http://technet.microsoft.com/en-us/library/cc771305.aspx
DirkMare