Auditing / File Security

Subject: Auditing / File Security
Posted by:  Kelly Armitage (KellyArmita…
Date: Thu, 22 May 2008

Can anyone tell if it is possible (and if yes how?) to log or audit file
access.  This is a large domain running 2003 AD with a mix of NT / 2000

The simple and basic scenario is as an example HR is a group all with access
to Folder X.  Within Folder X there are some basic spreadsheets that all
these users can access.  One of these users has either accidentally or
intentionally deleted one of these files.  Retrieving the file from tape took
all of 3 minutes, but the powers that be would like to know which user it was
that deleted it.  I have looked through the event viewer security logs and
cannot seem to find any reference to that file being accessed or deleted.  Is
there an auditing feature on the DC that will enable me to check for such
things?  If there is, which is it, and what would it look like so I can
recognize it in the event viewer.  I mean would the event specifically name
the file that was deleted?

USER A deleted FILE X?  Any pointers tips or methods others use would be
great.  It seems locking stuff down so that a small number of users are the
only ones with access to it, isn't enough these days.

HELP! :)