Re: What user deleted a network file

Hugo,

You may want to play with the network audit feature of XP/XPe.

Also, if you use NTFS as the FS on your target, you can audit the file system access to particular file/directories/disks.
See more detail steps here: http://support.microsoft.com/?kbid=310399

For more complex auditing you should try some 3rd party network security audit software.

--
Regards,
KM


> Hello!
>
> Can anyone tell me if it is possible to know what user (using windows XP),
> deleted a network file/directory in a computer with Windows XP embedded. This
> information is stored in a log file, or in the event viewer?
>
> Thanks,
> Hugo Pinto


.

Relevant Pages

  • Re: Holes in my security - advice needed
    ... I will be blamed if there is an attack, ... I would do a audit of the information on the network. ... If they don't understand why it is bad,...then how did the company policy ...
    (microsoft.public.windows.server.networking)
  • RE: network auditing
    ... I was just reading the thread on the "NASA security Audit" ... Port scan the target network IP. ...
    (Security-Basics)
  • Re: Pen Testing
    ... Is it common that a security company would need rights such as domain ... admin rights to perform an audit on the network? ... Depends on what you want them to audit. ... network plug and maybe an IP address they can use - plus the ...
    (Pen-Test)
  • Re: Catch a hacker?
    ... I don't know about the audit part though. ... >> the Admin network password. ... >> admin signon signed on last and so on. ...
    (microsoft.public.win2000.security)
  • Re: Holes in my security - advice needed
    ... I will be blamed if there is an attack, ... I would do a audit of the information on the network. ... If they don't understand why it is bad,...then how did the company policy ...
    (microsoft.public.windows.server.networking)