bibi92
asked on
audit actions on windows server 2012
Hello,
I search to know if it's possible to extract an audit from event logs windows if the properties of log are default and owerwrite.
Someone are deleted files on a server and drop the recycle bin and I have to found this in the logs.
Thanks
Regards
I search to know if it's possible to extract an audit from event logs windows if the properties of log are default and owerwrite.
Someone are deleted files on a server and drop the recycle bin and I have to found this in the logs.
Thanks
Regards
if those events were set to be captured and you are quick enough to save the audit log and then you can view at your leisure.
ASKER
No I do not see auditing on the files and windows application is overwritte over than 20 mo. Is it possible to find trace without windows logs. I think that a local user has been created and renamed for doing opérations.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello,
Can I find these informations in security log?
Thanks
Can I find these informations in security log?
Thanks
only after you've configured the security auditing setting for events from now on.. you cannot go into the past and get information on something that has not already been recorded.