How to track data deletion in a Windows Domain?

How to track data deletion in a Windows Domain? I have a client who is audited regularly. They have 2 Windows 2008 servers functioning as domain controllers for Windows 7 workstations. Is there a way to track and verify data deletion on the servers? Something that can be reported in someway to show that it actually happens? I would imagine there's some overhead to running something like this. I need to create a "Data Destruction Policy". Any thoughts would be greatly appreciated. Most of what I have found has been about full hard drive wiping on a single pc basis.
jsgouldAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Enable File Access Auditing.  That information can then be recovered from the Security log.

If you have TONS of disk space to spare, you use a tool like DriveLock which can basically create copies of files that are deleted and note who deleted them when.  It's not free though.

http://www.drivelock.com/Solutions
0
Philip PortnoySr. MS SQL DBA and Technical Account ManagerCommented:
You can use File Server auditing, but it's audit logs are pretty hard to read.
One of the best non-freeware solutions is one from Quest: http://www.quest.com/changeauditor-for-windows-file-servers/
0
jsgouldAuthor Commented:
Ok. I've reviewed both of these. DriveLock seems a bit too much and the additional space that would be required for that may be to costly.. Quest looks interesting but neither seem to assure of the data deletion portion just monitors what was deleted, moved, renamed. etc. and by whom.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Auditing is the best, included method for doing what you want or close to it.  If you want anymore, it's going to cost you and it's probably not going to be cheap given the market for the products.
0
Philip PortnoySr. MS SQL DBA and Technical Account ManagerCommented:
You should use backups/shadow copying and other DR/HA solutions to provide restore capabilities.

Auditing tools are for auditing. B&R - for B&R.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.