No announcement yet.

Setting up Audit for deleted folders and files

  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting up Audit for deleted folders and files

    Hi All,
    Last week we had quite a few files and folders deleted from our File Server . Users general comments are that somebody has done it accidentally but no one seems to take ownership.

    Fortunately my Backup Exec is running fine and I could restore those from previous cartridges.

    Can someone guide me on the steps of setting up an audit policy so that next time I can trace out whoever deletes the folders or files.

    Our Active Directory environment are as follows:
    DC1 - Win 2003 Std Server
    DC2 Win 2003 Std Server working as replication partnet
    File Servers - Win 2003 and Win 2000



  • #2
    Re: Setting up Audit for deleted folders and files

    you can enable auditing either using GPO or via Local Security Settings Snap-in on the server that contains those objects. The setting that you want to configure is "Audit Object Access". It can be configured to audit Failure or and Success.

    Just be carefult if you enable Success as your Security Log on the server can become full guite fast.
    here's some more info:

    In addition on win2003 server I would also enable Volume Shadow Copies feature as it's very fast and easy way to recover any deleted files/folders.

    More info here: