- Network Analysis
- Windows Server 2008
- Active Directory
Find source of file copy from
Have a 2008 R2 server that we are trying to move away from, however there seems to be some obscure process or script either coming from that server or some other server that is writing to a share on this server. Its same time every day. Can't find any task or script on that machine that is doing it so I'm wondering if this is coming from another server. Is there something that can tell me or something i can leave running and log it?
Yes, it's possible. You have to turn on file auditing on the share and file folder that the data is being written to. This is where it gets tricky because the file auditing system is very difficult to look through. https://www.netwrix.com/how_to_detect_who_tried_to_change_file_or_folder_on_your_file_servers.html has some info that can help. The left column gives the setup required for auditing changes. Change audit failed to audit success (or succeeded, can't remember which works, so try both if you get no results). You can try out their file server auditing software to do it, but it's a little pricey for one time use. The audit entries should show you where the file writes are coming from and which account is doing it.
If that doesn't work, send out a notice that shares are being disabled, change the folder permissions after a specified amount of time and see who complains. :-)
-
![]()
received a Solution
Is there any way to find out what happen/who did what in an AD account ? -
![]()
wrote an Article
![]()
Delegation of access to Bitlocker Recovery Passwords – this way, please!
-
![]()
created a Video
![]()
Importing Users Into Active Directory From a Text File
-
Explore Cloud Class® ![]()
70-662 - Deploying Microsoft Exchange Server 2010
Premium Content
You need an Expert Office subscription to comment.Start Free Trial