Understand Event Viewer – Delete Action on Folders – Event ID 560

100 pts.
Tags:
Event ID
Event ID 560
Event Viewer
Windows Server 2003
Windows Server Security
Windows Server Security Audits
I've enabled audit logs on several folders on windows server 2003 environment. It records the deleted action on folder and sub-folder. The problem is I want to make sure, that when I see Delete in Accesses field, it is for certain the user deleted the folder/file. When replicating the action, it only shows (delete), I'm not sure, what the rest if for. I filtered the logs to Object Access, Event ID: 560 So My question is, how to determine that the folder/file is indeed was deleted by that user?? Accesses: DELETE READ_CONTROL WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttribu

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following