| Author |
Auditing Deleted Files
|
|
| trebor 2001-06-18, 3:21 am |
| My question is what steps would I have to take to identify users who have been deleteing files?
Trebor | |
| MnMurphy 2001-06-18, 7:56 am |
| I think you are supposed to audit:
Directory Services access
Process tracking
But then again, I may be the weakest link too. | |
| trebor 2001-06-18, 8:13 am |
| That is the answer that I see in the study guide in front of me but I need some corroborating testimony. Is it Directory Service Access when files are deleted? | |
|
| Enable object access audit policy
and then set sec advance audit tab file/folder properties to enable what actions you want to audit. | |
| dentonb2000 2001-06-18, 10:58 am |
| Agreed on object access. Directory services access only pertains to those folders/printers/devices that are published to AD. |
|
|
|