Tracking which user deleted files after the fact

975 pts.
Tags:
CIFS
Common Internet File System
Server Message Block
SMB
User tracking
Can I tell what user deleted a group of files or folders via SMB? The users are on a mix of windows and apple machines but I can not determine who deleted the files. Is there any way to tell who did it after the fact?
ASKED: September 8, 2010  1:39 PM
UPDATED: September 9, 2010  3:28 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Expensive for just one event but we use a tool called Varonis which includes this function very good tool and capable of much more

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TeachMeIT
    [...] Tracking which user deleted files after the fact [...]
    0 pointsBadges:
    report
  • petkoa
    Well, if you are using *nix/Samba for a smb-based file server, it is possible by activation of one of auditing vfs objects (vfs object is kinda plugin in samba versions >3). You can inspect their properties and configuration in samba man pages: vfs_audit, vfs_extd_audit, vfs_full_audit . BTW, there is a "network recycle bin" in samba through vfs object vfs_recycle ... Maybe it's time to think over a migration to Linux/Samba?
    3,120 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following