Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to track data deletion in a Windows Domain?

Posted on 2014-07-21
5
Medium Priority
?
334 Views
Last Modified: 2014-07-21
How to track data deletion in a Windows Domain? I have a client who is audited regularly. They have 2 Windows 2008 servers functioning as domain controllers for Windows 7 workstations. Is there a way to track and verify data deletion on the servers? Something that can be reported in someway to show that it actually happens? I would imagine there's some overhead to running something like this. I need to create a "Data Destruction Policy". Any thoughts would be greatly appreciated. Most of what I have found has been about full hard drive wiping on a single pc basis.
0
Comment
Question by:jsgould
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 40209577
Enable File Access Auditing.  That information can then be recovered from the Security log.

If you have TONS of disk space to spare, you use a tool like DriveLock which can basically create copies of files that are deleted and note who deleted them when.  It's not free though.

http://www.drivelock.com/Solutions
0
 
LVL 4

Assisted Solution

by:Philip Portnoy
Philip Portnoy earned 1000 total points
ID: 40209615
You can use File Server auditing, but it's audit logs are pretty hard to read.
One of the best non-freeware solutions is one from Quest: http://www.quest.com/changeauditor-for-windows-file-servers/
0
 

Author Comment

by:jsgould
ID: 40209656
Ok. I've reviewed both of these. DriveLock seems a bit too much and the additional space that would be required for that may be to costly.. Quest looks interesting but neither seem to assure of the data deletion portion just monitors what was deleted, moved, renamed. etc. and by whom.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 40209661
Auditing is the best, included method for doing what you want or close to it.  If you want anymore, it's going to cost you and it's probably not going to be cheap given the market for the products.
0
 
LVL 4

Accepted Solution

by:
Philip Portnoy earned 1000 total points
ID: 40209666
You should use backups/shadow copying and other DR/HA solutions to provide restore capabilities.

Auditing tools are for auditing. B&R - for B&R.
0

Featured Post

Protect Your Retail Business and Reputation

Wi-Fi access doesn't just impact your business & customer experience, it can also affect your security.  Join us for an informative webinar to learn more about the top threats and trends impacting retail today, and the key solutions to protecting retail networks and reputations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question