Archived from groups: microsoft.public.win2000.security (
More info?)
You can enable auditing of folders/files but you first need to enable
auditing of object access on the computer you want to monitor. That can
usually be done in Local Security Policy unless another security policy is
overriding Local Security Policy which would be shown as a difference
between local and effective settings for Windows 2000. Keep in mind that
auditing for folder/file access can generate a LOT of events in the security
log so audit only those permissions you want to monitor and avoid using
everyone/users group if possible. Event ID's 560/562 will contain the info
you need. The links below explain more. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod144.mspx
"M. Wilson" <MWilson@discussions.microsoft.com> wrote in message
news:CA662FA9-9CFF-458D-A40C-F7A722D84ABA@microsoft.com...
> Hello,
>
> We are running the Windows Server 2000 and I wanted to know if there is a
> utility that can show me when and who deleted certain files.
>
> --
> Very Much Appreciated,
>
> M. Wilson