Posted by Hotsauce1 on May 22, 2008, 5:58 pm
Yes
"Kelly Armitage" wrote:
> Can anyone tell if it is possible (and if yes how?) to log or audit file
> access. This is a large domain running 2003 AD with a mix of NT / 2000
> servers.
>
> The simple and basic scenario is as an example HR is a group all with access
> to Folder X. Within Folder X there are some basic spreadsheets that all
> these users can access. One of these users has either accidentally or
> intentionally deleted one of these files. Retrieving the file from tape took
> all of 3 minutes, but the powers that be would like to know which user it was
> that deleted it. I have looked through the event viewer security logs and
> cannot seem to find any reference to that file being accessed or deleted. Is
> there an auditing feature on the DC that will enable me to check for such
> things? If there is, which is it, and what would it look like so I can
> recognize it in the event viewer. I mean would the event specifically name
> the file that was deleted?
>
> USER A deleted FILE X? Any pointers tips or methods others use would be
> great. It seems locking stuff down so that a small number of users are the
> only ones with access to it, isn't enough these days.
>
> HELP! :)