Re: auditing files

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Wilawal Malainual: "IIS4 stop service"
• Next message: Josh Hillman: "Re: IIS4 stop service"
• Maybe in reply to: Martin: "auditing files"

Then select the directories you want to audit using NT Explorer and assign
users or groups you want to audit. Select Delete success and failure to
audit for that directory. Your security log will grow much faster, and
performance on that server might degrade slightly, but it will show exactly
who is deleting files.

-----Original Message-----
From: Martin <djmartin@dcdu.com>
To: ntisp@iea-software.com <ntisp@iea-software.com>
Date: Tuesday, July 14, 1998 5:18 PM
Subject: auditing files

I am going nuts trying to figure out who is deleting certain files on one of
our servers. The event view/security log just tells me who logged in and
shows successful or failed audits.

Where do I start?

I had 80% of a directory disappear today. No one knows who did it. Thank
god we had it mirrored via octopus. Where do I look to find the culprit?

Martin

• Previous message: Wilawal Malainual: "IIS4 stop service"
• Next message: Josh Hillman: "Re: IIS4 stop service"
• Maybe in reply to: Martin: "auditing files"