Re: How to Audit users deleting files/folders?
- From: "Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@xxxxxxx>
- Date: Wed, 6 Apr 2005 12:11:32 -0400
Thanks, Ray -- good information.
--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"Ray Collins" <ray.collins@xxxxxxxxxxxxxxxxx> wrote in message
news:%236hnXJrOFHA.508@xxxxxxxxxxxxxxxxxxxxxxx
>I know you guys provide so many useful answers but sometimes you just have
>to say "why can't you just answer the question !!!"
>
> Open Windows Explorer.
> Right-click the file or folder that you want to audit, click Properties,
> and then click the Security tab.
>
> Click Advanced, and then click the Auditing tab.
>
> Do one of the following:
> To set up auditing for a new user or group, click Add. In Enter the object
> name to select, type the name of the user or group that you want, and then
> click OK.
>
> To remove auditing for an existing group or user, click the group or user
> name, click Remove, click OK, and then skip the rest of this procedure.
>
> To view or change auditing for an existing group or user, click its name,
> and then click Edit.
>
> In the Apply onto box, click the location where you want auditing to take
> place.
>
> In the Access box, indicate what actions you want to audit by selecting
> the appropriate check boxes:
>
> To audit successful events, select the Successful check box.
>
> To stop auditing successful events, clear the Successful check box.
>
> To audit unsuccessful events, select the Failed check box.
>
> To stop auditing unsuccessful events, clear the Failed check box.
>
> To stop auditing all events, click Clear All.
>
> If you want to prevent subsequent files and subfolders of the original
> object from inheriting these audit entries, select the Apply these
> auditing entries to objects and/or containers within this container only
> check box.
>
> Important
>
> Before setting up auditing for files and folders, you must enable object
> access auditing by defining auditing policy settings for the object access
> event category. If you do not enable object access auditing, you will
> receive an error message when you set up auditing for files and folders,
> and no files or folders will be audited. The easiest way to do this on SBS
> is to edit the Domain Controller Security Policy.
>
> HTH
>
>
>
>
>
> "Kevin Weilbacher" <kweilbacMVP@xxxxxxx> wrote in message
> news:utaEGCrOFHA.2520@xxxxxxxxxxxxxxxxxxxxxxx
>> Never heard of someone asking about this. What's the problem? Did someone
>> delete something they weren't suppose to?
>>
>> If so, you can use the new Shadow Copy feature to quickly retrieve a
>> deleted file or folder; otherwise if some users should not have the
>> ability to delete files/folders, set up a separate permission structure
>> for them.
>>
>> --
>> Kevin Weilbacher [SBS-MVP]
>> "The days pass by so quickly now, the nights are seldom long"
>>
>>
>>
>> "Nick" <Nick@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:OAHziVqOFHA.1732@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi - How can I audit when a file or folder is deleted from a shared
>>> folder in SBS2003?
>>>
>>> Thanks,
>>>
>>> Nick
>>>
>>
>>
>
>
.
- References:
- How to Audit users deleting files/folders?
- From: Nick
- Re: How to Audit users deleting files/folders?
- From: Kevin Weilbacher
- Re: How to Audit users deleting files/folders?
- From: Ray Collins
- How to Audit users deleting files/folders?
- Prev by Date: Re: Terminal Server exceeded max. # message
- Next by Date: Re: unknown user name / dropping authentication
- Previous by thread: Re: How to Audit users deleting files/folders?
- Next by thread: sharepoint
- Index(es):
Relevant Pages
|
