Solved

Audit actions on Windows Server 2012

Posted on 2014-10-02
Last Modified: 2014-10-04
Hello,

I am trying to find out whether it's possible to extract an audit trail from the Windows event logs if the log properties are at their defaults and set to overwrite.

Someone has deleted files on a server and emptied the recycle bin, and I have to find this in the logs.

Thanks

Regards
Question by:bibi92
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40357532
If those events were set to be captured and you are quick enough to save the audit log, then you can view it at your leisure.
 

Author Comment

by:bibi92
ID: 40357696
No, I do not see auditing on the files, and the Windows Application log is overwritten once it goes over 20 MB. Is it possible to find a trace without the Windows logs? I think that a local user has been created and renamed to carry out the operations.
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40357812
You must first set which items to audit, and then you can review those items in the audit logs. You cannot do it after the fact.

If a user has access to create a local user then you have much more security concerns. These files should have been on a server, and servers should limit physical access to them. If a user has physical access then all bets are off.

Without these audit logs you will have no proof of who deleted these files, and someone who gains admin access can delete the audit logs.
 

Author Comment

by:bibi92
ID: 40358714
Hello,

Can I find this information in the Security log?

Thanks
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40361468
Only after you've configured the security auditing setting, and only for events from now on. You cannot go into the past and get information on something that has not already been recorded.
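The setup the answers above describe, as an added example that is not part of the original thread: it turns on file-system auditing for deletes on one folder, enlarges the Security log so it is not overwritten as quickly, and defines a query for later review. The folder `D:\Shares\Finance`, the 1 GB log size and the function name `Get-FileDeleteAudit` are assumptions; it must be run elevated, and it records nothing from before it is applied.

```powershell
# Added example; the path, log size and function name are hypothetical.
$Path = 'D:\Shares\Finance'

# 1. Enable the "File System" object-access audit subcategory.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add a SACL entry so successful deletes under $Path are logged.
#    S-1-1-0 is the well-known Everyone SID (works on localized systems).
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    $everyone,
    'Delete, DeleteSubdirectoriesAndFiles',
    'ContainerInherit, ObjectInherit',
    'None',
    'Success')
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Raise the Security log maximum size (bytes) to 1 GB.
wevtutil sl Security /ms:1073741824

# 4. Review: event 4663 entries whose access mask includes DELETE (0x10000).
function Get-FileDeleteAudit {
    param(
        [string]$Under = $Path,
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            $d = @{}
            foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $d[$n.Name] = $n.'#text'
            }
            $mask = [Convert]::ToInt32($d['AccessMask'], 16)
            if (($mask -band 0x10000) -and $d['ObjectName'] -like "$Under*") {
                [pscustomobject]@{
                    Time    = $evt.TimeCreated
                    User    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
                    Object  = $d['ObjectName']
                    Process = $d['ProcessName']
                }
            }
        }
}
```

Because an account with administrative rights can clear the local Security log, as the accepted answer notes, copy or forward these events to another machine if they are meant to serve as evidence.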