You are invited to Log in or Register a free Frihost Account!

Who Deleted the file

does anybody here knows how to identify the username that was used to delete a file from a shared drive in Windows 2003 server? Some of my Important files was deleted permanently good thing i was able to recover using a free undelete program. I have my own domain and all of the people here have their own usernames and profiles.

please share your knowledge.

thanks and more power.
Since Windows 2000 all this OSes has logging processing, try to find in the Knowledge Database of Microsoft about this characteristic Cool
You don't any add-on apps to do that. Windows NT or later system have build-in support.

Part 1 - Pre-configure

1.) go create a new group policy object if you are configuring a group of user within a domain / or if it is stand-alone machine, then open the run dialog from start and type gpedit.msc and press enter key.

2.) With the group policy editor opened, go althrough the path as :
-- Computer Confiiguration -> Windows Settings -> Security Settings ->
Local Policies -> Audit Policy.

3.) Enable the entry `Audit object access`

Part 2 - Common Task

4.) Right-click a folder on which you need to enable access monitoring.
Go through the steps: Security tab -> Advanced button -> Auditing tab -> Add button -> Select a user or group from the `select user or group dialogbox. In this case, you may select `Everyone` for all users.

P.S. Let's me knew if still have any problems
Thanks for the feedback bro. I was able to figure the idea but im confused on what type of access do i need to put. I need to catch the login name together with the time that the file was deleted. There are two type of Auditing access mentioned. successful and failed. what option do i need to select to met my requirements?

thanks and more power.

by the way, I made a user group and placed those usernames that I want to monitor as members of the user group that i made. How will I check for the auditing logs? is there a log report or tool that I need to use?

Thanks again.
Basically, that should be depends on your needs.
For the most network environment. This should be both, successfull and failed . Cause admin needs to know who deleted a file and who tried to delete a file.

In you case, should be successful

And, you can go start menu -> Administrative Tools -> Event Viewer
to view the records.
okay great. btw, how do i check for the log file? or the activity file? do you have any idea how?

thanks for the information dude. I really appreciate it. Smile
You can go start menu -> Administrative Tools -> Event Viewer
to view the log file or data. (Windows 2000)


Start Menu -> All Programs -> Administrative Tools -> Event Viewer.

If, the Adminstrative Tools does't showed-up

You can one of the following task.

1. ) Start Menu -> Control Panel -> Switch to class view if in windows xp -> Administrative Tools -> Event Viewer

2.) Right-Click the Start Menu -> Properties -> Advanced Tab -> On the bottom half screen, Start Menu Settings, tick the Display Administrative Toos option to turn it on. Finally, Click OK button to close the dialog box. ( I have forgotten the actual location in window xp. But it not too different than this. Just with more section and / or dialog box, as of this writing I'am in windows 2000 for some jobs )

Wish this help.
thanks. i guess i know where to find it now Smile its windows 2003 server byt the way
if any body deleted from network. you cannot recover. they can only delete if here have the detete credentials. check your security settings. and you can audit policy to find the user. it is availble on group policy or local policy...
Related topics
HELP too many File Changed
File recovery question
Macbook: safe deletion
"Print Spooler" service
Data recovery software
I think I may have deleted a needed file
Deleted all files in File Manager
Recovering Deleted Video File on HTC Sensation 4G Smartphone
Online file storage
File Hub / Image Hub :: A Reliable New File Hosting Service
File Anchor
i deleted my public_html file
Brilliant program for brush addicts...
Problem with a disapearing mysql.sock file
Reply to topic    Frihost Forum Index -> Computers -> Operating Systems

© 2005-2011 Frihost, forums powered by phpBB.