File Server Audit/log?

SouthSeaPirateSouthSeaPirate Member Posts: 173
We are running a file server with Server 2003. Nothing special, just hosts all the shares. I was wondering what I need to do to enable an audit of the server. Specificly to check what user deleted half the Marketing files, or accidentally dragged them into the schedules folder; I believe this makes the point. I know this can be done by changing a Security Policy on the server, but I dont know which policy nor how to view the audit once enabled. Obviously Im completely dark on this. Anyone know what Im trying to get at?

Comments

  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
  • SouthSeaPirateSouthSeaPirate Member Posts: 173
    Thanks for the link. I believe this one is very clse to what Im looking for: "Success and failure audit for file-access and object-access events. File Manager success and failure audit of Read/Write access by suspect users or groups for the sensitive files." It does say success, falls short at read/write. Im thinking I would need something along the same lines but with Modify and Delete. Maybe Im wrong?
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    There are audit policy objects for "Delete Subfolders and Files", and "Delete".
  • SouthSeaPirateSouthSeaPirate Member Posts: 173
    So same concept. Hopefully 2003 is close enough for this document to help. We shall see tomorrow. Thanks +rep!
  • SouthSeaPirateSouthSeaPirate Member Posts: 173
    Unfortunately this doesnt help. I need to see what is deleted, by whom...
  • SouthSeaPirateSouthSeaPirate Member Posts: 173
    Anyone? Still at a loss here.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Unfortunately this doesnt help. I need to see what is deleted, by whom...

    You either don't have it setup correctly or you're not looking at the correct logs. My audit logs shows who deletes an object.
  • ChurritosChurritos Registered Users Posts: 1 ■□□□□□□□□□
    You'll probably need a third-party tool if you want to seriously audit changes to your file server-- the native logs don't offer any filtering of reporting capabilities. We had someone delete a ton of financial documents last year so we looked at NetWrix File Server Change Reporter and Quest ChangeAuditor for File Servers. Both are good tools and will send automated reports that will tell you who is deleting your files.
Sign In or Register to comment.