On one of our servers we have a file that keeps mysteriously getting deleted. We have a backup of the file in question, so it's not much trouble to put it back, but it results in downtime on our websites.
You don't need any third party software. You need to turn on object access auditing and set the auditing options on the file s and or folder s you want to monitor. I would start with an internal audit of the company. Someone on your staff may be deleting the file, and perhaps causing other harm that you have not yet discovered.
Question everyone that has access to the machine in question, and perhaps temporarily remove people's credentials to see if the problem suddenly goes away. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group.
Create a free Team What is Teams? Learn more. How can I audit a file to see who deleted it? Ask Question. Asked 12 years, 4 months ago. Active 3 years, 7 months ago. Viewed 20k times. In the following image, you can see the event id which has been logged after a folder has been deleted. In the next image, you can see the objects name as well which has been logged at the same time. The delete event ID does not contain the object name, so you have to view event ID to get that information.
In the following image, the information was scrolled down to show the name of object of which permissions were changed. You can use Lepide File Server Auditor part of Lepide Data Security Platform to track file and folder deletions and permission changes much effortlessly. The following image shows files and folders deletion report. You can see all necessary information related to files and folders deletion in a single line record.
All necessary information like who changed which permission, when and where is given in a single line record. These reports are available both in grid view and graph view. I m asking if this is normal. Both are behind a router so they have their own LAN for my test bench. I just wanted to audit what files were opened on shared folder. The shared folder on the server is the only place I enabled Audit.
After much work I finally got the security log to stop logging 14 logs about svchosts access ever minute. Now the security log waits until the XP computer connects to the shared folder and opens a file. I did this with one file, a small Word doc. I have read several Spiceworks support logs for file access audit. One user generates entries for on file opened? What about my production environment with 50 users and thousands of files?
Quote from Ron Schnieder in Jaws, "We are going to need a bigger boat! That is normal, unfortuante but normal. When a machine opens a file there may be several hooks into the file to handle different things.
0コメント