Solved

How to track data deletion in a Windows Domain?

Posted on 2014-07-21
5
326 Views
Last Modified: 2014-07-21
How to track data deletion in a Windows Domain? I have a client who is audited regularly. They have 2 Windows 2008 servers functioning as domain controllers for Windows 7 workstations. Is there a way to track and verify data deletion on the servers? Something that can be reported in someway to show that it actually happens? I would imagine there's some overhead to running something like this. I need to create a "Data Destruction Policy". Any thoughts would be greatly appreciated. Most of what I have found has been about full hard drive wiping on a single pc basis.
0
Comment
Question by:jsgould
  • 2
  • 2
5 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 40209577
Enable File Access Auditing.  That information can then be recovered from the Security log.

If you have TONS of disk space to spare, you use a tool like DriveLock which can basically create copies of files that are deleted and note who deleted them when.  It's not free though.

http://www.drivelock.com/Solutions
0
 
LVL 4

Assisted Solution

by:Philip Portnoy
Philip Portnoy earned 250 total points
ID: 40209615
You can use File Server auditing, but it's audit logs are pretty hard to read.
One of the best non-freeware solutions is one from Quest: http://www.quest.com/changeauditor-for-windows-file-servers/
0
 

Author Comment

by:jsgould
ID: 40209656
Ok. I've reviewed both of these. DriveLock seems a bit too much and the additional space that would be required for that may be to costly.. Quest looks interesting but neither seem to assure of the data deletion portion just monitors what was deleted, moved, renamed. etc. and by whom.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 40209661
Auditing is the best, included method for doing what you want or close to it.  If you want anymore, it's going to cost you and it's probably not going to be cheap given the market for the products.
0
 
LVL 4

Accepted Solution

by:
Philip Portnoy earned 250 total points
ID: 40209666
You should use backups/shadow copying and other DR/HA solutions to provide restore capabilities.

Auditing tools are for auditing. B&R - for B&R.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now