Solved

audit actions on windows server 2012

Posted on 2014-10-02
5
159 Views
Last Modified: 2014-10-04
Hello,

I search to know if it's possible to extract an audit from event logs windows if the properties of log are default and owerwrite.

Someone are deleted files on a server and drop the recycle bin and I have to found this in the logs.

Thanks

Regards
0
Comment
Question by:bibi92
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40357532
if those events were set to be captured and you are quick enough to save the audit log and then you can view at your leisure.
0
 

Author Comment

by:bibi92
ID: 40357696
No I do  not see auditing on the files and windows application is overwritte over than 20 mo. Is it possible to find trace  without windows logs. I think that a local user has been created and renamed for doing opérations.
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40357812
you must first set which items to audit and then you can review those items in the audit logs you cannot do it after the fact.

If a user has access to create a local user then you have much more security concerns. These files should have been on a server and servers should limit physical access to them.. If a user has physical access then all bets are off.  

Without these audit logs you will have no proof of who deleted these files.. and someone that gains admin access can delete the audit logs.
0
 

Author Comment

by:bibi92
ID: 40358714
Hello,

Can I find these informations in security log?

Thanks
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40361468
only after you've configured the security auditing setting for events from now on.. you cannot go into the past and get information on something that has not already been recorded.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question