Auditing file deletion



I am trying to enable auditing of file and directory deletions of a
particular directory on our server.

Adding auditing for that particular directory with success/failure
Delete/Delete subfolders and files doesn't seem to log any entries in the
security log. Problem is if I then use a GPO to enable Audit Object Access
success/failure this causes a great many Object Access events to be logged,
not just delete events.

Any ideas what I am doing wrong?

Thanks,
Nick

