Finding User who deletes
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Hello,
We are running the Windows Server 2000 and I wanted to know if there is a
utility that can show me when and who deleted certain files.
--
Very Much Appreciated,
M. Wilson
Hello,
We are running the Windows Server 2000 and I wanted to know if there is a
utility that can show me when and who deleted certain files.
--
Very Much Appreciated,
M. Wilson
More about : finding user deletes
Archived from groups: microsoft.public.win2000.security (More info?)
"M. Wilson" <MWilson@discussions.microsoft.com> wrote in message
news:CA662FA9-9CFF-458D-A40C-F7A722D84ABA@microsoft.com...
> Hello,
>
> We are running the Windows Server 2000 and I wanted to know if there is a
> utility that can show me when and who deleted certain files.
>
> --
> Very Much Appreciated,
>
> M. Wilson
Isnt this covered in File auditing, Not really used Server but from my old
days of NT you can turn on file auditing for machines and then check the
event viewer under security tab for a list of what happens,
Under 2K which I use
Explorer
Right click C Drive
Properties
Security
Advanced
Auditing
Jud
"M. Wilson" <MWilson@discussions.microsoft.com> wrote in message
news:CA662FA9-9CFF-458D-A40C-F7A722D84ABA@microsoft.com...
> Hello,
>
> We are running the Windows Server 2000 and I wanted to know if there is a
> utility that can show me when and who deleted certain files.
>
> --
> Very Much Appreciated,
>
> M. Wilson
Isnt this covered in File auditing, Not really used Server but from my old
days of NT you can turn on file auditing for machines and then check the
event viewer under security tab for a list of what happens,
Under 2K which I use
Explorer
Right click C Drive
Properties
Security
Advanced
Auditing
Jud
Archived from groups: microsoft.public.win2000.security (More info?)
You can enable auditing of folders/files but you first need to enable
auditing of object access on the computer you want to monitor. That can
usually be done in Local Security Policy unless another security policy is
overriding Local Security Policy which would be shown as a difference
between local and effective settings for Windows 2000. Keep in mind that
auditing for folder/file access can generate a LOT of events in the security
log so audit only those permissions you want to monitor and avoid using
everyone/users group if possible. Event ID's 560/562 will contain the info
you need. The links below explain more. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secm...
"M. Wilson" <MWilson@discussions.microsoft.com> wrote in message
news:CA662FA9-9CFF-458D-A40C-F7A722D84ABA@microsoft.com...
> Hello,
>
> We are running the Windows Server 2000 and I wanted to know if there is a
> utility that can show me when and who deleted certain files.
>
> --
> Very Much Appreciated,
>
> M. Wilson
You can enable auditing of folders/files but you first need to enable
auditing of object access on the computer you want to monitor. That can
usually be done in Local Security Policy unless another security policy is
overriding Local Security Policy which would be shown as a difference
between local and effective settings for Windows 2000. Keep in mind that
auditing for folder/file access can generate a LOT of events in the security
log so audit only those permissions you want to monitor and avoid using
everyone/users group if possible. Event ID's 560/562 will contain the info
you need. The links below explain more. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secm...
"M. Wilson" <MWilson@discussions.microsoft.com> wrote in message
news:CA662FA9-9CFF-458D-A40C-F7A722D84ABA@microsoft.com...
> Hello,
>
> We are running the Windows Server 2000 and I wanted to know if there is a
> utility that can show me when and who deleted certain files.
>
> --
> Very Much Appreciated,
>
> M. Wilson
Related ressources:
- Forumbehind the user names, who are we?
- ForumHow to monitor network share moves/ deletes
- ForumWho likes Windows 8
- ForumHow to find out the user who logged on remotely into my system
- ForumWho uses the Gimp??
- ForumWho is purchasing Windows 8?
- ForumChokes on large file deletes
- ForumDeleted user account, lost everything in My Documents
- ForumComponent failure. Who to blame User or manufacturer?
- ForumUser Monitoring needed
- ForumAMD says, " Who needs Dell?"
- ForumI need to find out who the administrator is on my computer
- ForumIs a SSD good when you add/delete 30 gigs data a day?
- ForumParallel and com ports not appearing in device manager
- More resources
!
