File Server Audit/log?
SouthSeaPirate
Member Posts: 173
in Off-Topic
We are running a file server with Server 2003. Nothing special, just hosts all the shares. I was wondering what I need to do to enable an audit of the server. Specificly to check what user deleted half the Marketing files, or accidentally dragged them into the schedules folder; I believe this makes the point. I know this can be done by changing a Security Policy on the server, but I dont know which policy nor how to view the audit once enabled. Obviously Im completely dark on this. Anyone know what Im trying to get at?
Comments
-
SouthSeaPirate Member Posts: 173Thanks for the link. I believe this one is very clse to what Im looking for: "Success and failure audit for file-access and object-access events. File Manager success and failure audit of Read/Write access by suspect users or groups for the sensitive files." It does say success, falls short at read/write. Im thinking I would need something along the same lines but with Modify and Delete. Maybe Im wrong?
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□There are audit policy objects for "Delete Subfolders and Files", and "Delete".
-
SouthSeaPirate Member Posts: 173So same concept. Hopefully 2003 is close enough for this document to help. We shall see tomorrow. Thanks +rep!
-
SouthSeaPirate Member Posts: 173Unfortunately this doesnt help. I need to see what is deleted, by whom...
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□SouthSeaPirate wrote: »Unfortunately this doesnt help. I need to see what is deleted, by whom...
You either don't have it setup correctly or you're not looking at the correct logs. My audit logs shows who deletes an object. -
Churritos Registered Users Posts: 1 ■□□□□□□□□□You'll probably need a third-party tool if you want to seriously audit changes to your file server-- the native logs don't offer any filtering of reporting capabilities. We had someone delete a ton of financial documents last year so we looked at NetWrix File Server Change Reporter and Quest ChangeAuditor for File Servers. Both are good tools and will send automated reports that will tell you who is deleting your files.