?
Solved

audit actions on windows server 2012

Posted on 2014-10-02
5
Medium Priority
?
167 Views
Last Modified: 2014-10-04
Hello,

I search to know if it's possible to extract an audit from event logs windows if the properties of log are default and owerwrite.

Someone are deleted files on a server and drop the recycle bin and I have to found this in the logs.

Thanks

Regards
0
Comment
Question by:bibi92
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40357532
if those events were set to be captured and you are quick enough to save the audit log and then you can view at your leisure.
0
 

Author Comment

by:bibi92
ID: 40357696
No I do  not see auditing on the files and windows application is overwritte over than 20 mo. Is it possible to find trace  without windows logs. I think that a local user has been created and renamed for doing opérations.
0
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40357812
you must first set which items to audit and then you can review those items in the audit logs you cannot do it after the fact.

If a user has access to create a local user then you have much more security concerns. These files should have been on a server and servers should limit physical access to them.. If a user has physical access then all bets are off.  

Without these audit logs you will have no proof of who deleted these files.. and someone that gains admin access can delete the audit logs.
0
 

Author Comment

by:bibi92
ID: 40358714
Hello,

Can I find these informations in security log?

Thanks
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40361468
only after you've configured the security auditing setting for events from now on.. you cannot go into the past and get information on something that has not already been recorded.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question