Re: Need to monitor Deleted files on server shares

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Susan Bradley <sbradcpa@xxxxxxxxxxx>
Date: Wed, 19 Nov 2008 12:59:11 -0800

Leythos wrote:

A client is experiencing files being deleted on a common share that holds project data. All users with permission on the share have FULL permission. Is there a FREE way, possibly through Security Audits (the built in security event log) to setup something that creates an event entry that shows when a file is deleted by a user and who the user is?

Go to the file share properties tab, then to security, then go to advanced, then to the auditing tab. Add tracking for domain users, or authenticated users, then on "delete" actions.

Yup. Works like a champ.
.

Follow-Ups:
- Re: Need to monitor Deleted files on server shares
  - From: Leythos

References:
- Need to monitor Deleted files on server shares
  - From: Leythos

Prev by Date: Re: SBS2003 - RWW Internal error
Next by Date: Re: Need to monitor Deleted files on server shares
Previous by thread: Need to monitor Deleted files on server shares
Next by thread: Re: Need to monitor Deleted files on server shares
Index(es):
- Date
- Thread

Relevant Pages

Re: Server Reports empty
... Security Exception ... To grant this application the required permission ... The server will start to collect new counter value from ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
Re: Code Access Security, Evidence Based Security, Code Access Permission, Role Based Permission, et
... confused on the relationship between Code Access Security, Evidence Based ... Security, Code Access Permission, Role Based Permission, Declarative and ... user running it (if this is true, then only the Identity Permission Code ...
(microsoft.public.dotnet.security)
RE: Do all three permission classes (Identity Permission, Code Access Permission and Role Based Perm
... That is correct -- the inputs to CAS for each assembly are that assembly's evidence and the current security policy. ... classify them as a code access permission and an identity permission, since StrongNameIdentityPermission is also a code access security ...
(microsoft.public.dotnet.security)
[NT] Windows 2000 Weak Default Permission on System Partitions
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The system partition by default has Everyone/Full Control access ... permission settings of Everyone/Full Control or Authenticated Users/Full ...
(Securiteam)
Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
... > for the key being instantiated and Write permission on that key. ... >> security module to inspect the key data and set a label based on data? ... > Whether the security module should use it to impose a lable, probably not, I ... Yes, thanks, I missed the rka instantiation at first. ...
(Linux-Kernel)