If it's a DC then you "should" have both Domain Controller Security Policy and Domain Security Policy in Admin Tools, if not, it's not your DC.
S From: Paul Everett [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 3:34 PM To: NT System Admin Issues Subject: RE: logging deleted files I don't have a Domain Controller Security Policy in Admin Tools, just Local Security Policy and "yes" the "Define these policy settings" box is missing. I just meant the files in question are on the DC. ________________________________ From: Ralph Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 2:15 PM To: NT System Admin Issues Subject: RE: logging deleted files I think you want to go to Administrative Tools > Domain Controller Security Policy > Local Security Policy if this applies to the domain controller. There should be a box for "Define these policy settings". Is that what's missing? I'm not sure what you mean by the file being located in the Domain Group Policy on the DC. Do you mean the file is on the Domain Controller under the C:\WINDOWS\SYSVOL\domain\Policies folder? Ralph Smith Gateway Community Industries 845-331-1261 x234 ________________________________ From: Paul Everett [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 1:31 PM To: NT System Admin Issues Subject: RE: logging deleted files Thanks for the link Ralph. I have auditing from the folder in question's Properties enabled and also in Domain Group Policy on the DC, which is were the file is located. I can't get anything to show up in event log. In the Local Security Policy the "audit local object" success and failures are grayed out with no "enable" box. ________________________________ From: Ralph Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 11:47 AM To: NT System Admin Issues Subject: RE: logging deleted files http://sogeeky.blogspot.com/2006/07/how-to-audit-and-track-file-deletions.html Ralph Smith Gateway Community Industries 845-331-1261 x234 ________________________________ From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 10:43 AM To: NT System Admin Issues Subject: Re: logging deleted files You can turn on file auditing for particular folders if you know which folders are at risk Right-click folder Properties, Security, Advanced, Auditing 2008/9/18 Paul Everett <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> Is there anything that logs the event when files are deleted over the network? A user in one of our departments is deleting files, either unintentionally or not. The best I can do is check my daily backups to find out which day it happened, but we'd like to find out who it is. We don't need something to recover deleted network files, just something that logs the event that includes the username. Is there anything out there that can do this? We have a 2003 AD Domain. Thanks, Paul Everett IS Dept. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message, including attachments. Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
