Is there a way to find out what user on the SBS 2003 Server deleted a folder in a share? User activity logs?
Is there a way to find out what user on the SBS 2003 Server deleted a folder in a share?
Security logs?? Activity Logs?
Thank you,
Cory
Software/Hardware used:
Software/Hardware used:
ASKED:
February 21, 2008 5:44 AM
UPDATED:
February 22, 2008 4:13 AM
Answer Wiki:
If you have auditing enabled on the server then you can see the audit of this event in the Security Log. If auditing is not enabled then there is no logging of the event.
You can turn auditing on with the "Local Security Policy" tool in administrative tools. (Alternately, there are similar settings in Group policies, so that they can be applied to a number of servers at once.)
In the Local Security Policy tool navigate to security settings -> Local Policies -> Audit Policy and turn on "Audit Object Access". In this case you want to know when someone deletes a file, so you will want to turn on "success" as well as "failure".
After this, go to the folder (or drive) you want to audit and select properties. On the Security tab, hit the advanced button and select the auditing tab from the resulting window. From here add the groups or specific users you want to receive auditing information for in the logs.
<a href="http://support.microsoft.com/kb/325898">Here </a>is a Microsoft article that discusses the same thing in much more detail, essentially you will want to read these two sections:
<ul>
How to define or modify auditing policy settings for an event category
How to apply or modify auditing policy settings for a local file or folder</ul>
To see all answers submitted to the Answer Wiki: View Answer History.
mrdenny is correct. you first have to turn logging on and then setup logging for that directory to log access to all files. this will slow down your server though depending on how much the directory is accessed.