Re: auditing files

Paul Sheahan ( (no email) )
Wed, 15 Jul 1998 09:15:45 -0400

In User Manager, enable auditing on success and failure of "File and Object

Then select the directories you want to audit using NT Explorer and assign
users or groups you want to audit. Select Delete success and failure to
audit for that directory. Your security log will grow much faster, and
performance on that server might degrade slightly, but it will show exactly
who is deleting files.

-----Original Message-----
From: Martin <>
To: <>
Date: Tuesday, July 14, 1998 5:18 PM
Subject: auditing files

I am going nuts trying to figure out who is deleting certain files on one of
our servers. The event view/security log just tells me who logged in and
shows successful or failed audits.

Where do I start?

I had 80% of a directory disappear today. No one knows who did it. Thank
god we had it mirrored via octopus. Where do I look to find the culprit?