If it's a DC then you "should" have both Domain Controller Security Policy and 
Domain Security Policy in Admin Tools, if not, it's not your DC.

S

From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 3:34 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

I don't have a Domain Controller Security Policy in Admin Tools, just Local 
Security Policy and "yes" the "Define these policy settings" box is missing.
I just meant the files in question are on the DC.

________________________________
From: Ralph Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 2:15 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

I think you want to go to

Administrative Tools > Domain Controller Security Policy > Local Security Policy

if this applies to the domain controller.

There should be a box for "Define these policy settings".  Is that what's 
missing?

I'm not sure what you mean by the file being located in the Domain Group Policy 
on the DC.  Do you mean the file is on the Domain Controller under the 
C:\WINDOWS\SYSVOL\domain\Policies folder?
Ralph Smith
Gateway Community Industries
845-331-1261 x234

________________________________
From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 1:31 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

Thanks for the link Ralph.

I have auditing from the folder in question's Properties enabled and also in 
Domain Group Policy on the DC, which is were the file is located.
I can't get anything to show up in event log.

In the Local Security Policy the "audit local object" success and failures are 
grayed out with no "enable" box.


________________________________
From: Ralph Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 11:47 AM
To: NT System Admin Issues
Subject: RE: logging deleted files

http://sogeeky.blogspot.com/2006/07/how-to-audit-and-track-file-deletions.html

Ralph Smith
Gateway Community Industries
845-331-1261 x234

________________________________
From: James Rankin [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 10:43 AM
To: NT System Admin Issues
Subject: Re: logging deleted files

 You can turn on file auditing for particular folders if you know which folders 
are at risk

Right-click folder Properties, Security, Advanced, Auditing
2008/9/18 Paul Everett <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>

Is there anything that logs the event when files are deleted over the network?



A user in one of our departments is deleting files, either unintentionally or 
not.  The best I can do is check my daily backups to find out which day it 
happened, but we'd like to find out who it is.  We don't need something to 
recover deleted network files, just something that logs the event that includes 
the username.  Is there anything out there that can do this?

We have a 2003 AD Domain.

Thanks,

Paul Everett
IS Dept.

Confidentiality Notice:  This e-mail message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.   If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message, including attachments.


















Confidentiality Notice:

******************

This communication, including any attachments, may contain confidential 
information and is intended only for the individual or entity to whom it is 
addressed. Any review, dissemination, or copying of this communication by 
anyone other than the intended recipient is strictly prohibited. If you are not 
the intended recipient, please contact the sender by reply email, delete and 
destroy all copies of the original message.












Confidentiality Notice:

******************

This communication, including any attachments, may contain confidential 
information and is intended only for the individual or entity to whom it is 
addressed. Any review, dissemination, or copying of this communication by 
anyone other than the intended recipient is strictly prohibited. If you are not 
the intended recipient, please contact the sender by reply email, delete and 
destroy all copies of the original message.











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to