Are there any programs that log all activity on a Windows 2003 file share?
I'm looking for a simple way to log when a file/folder has been deleted or moved. I'm sort of surprised there doesn't seem to be a way within Windows to do this. I see there's several programs out there to do this, what should I go for?
Edit: I'd also like to be able to record which user is doing it, I assume this would come with any auditing program.
Solution 1:
First you need to enable auditing on the server in question...
Start->Control Panels->Administrative Tools->Local Security Policy
Then, Navigate to Local Policies->Audit Policy.
In there, open "Audit Object Access" and select "Success."
Now, navigate to the root folder of the share, right click, and choose Properties. Click on the security tab, and then click "Advanced."
Change to the "Auditing" tab. Click "Add" and enter the username or groupname whose file access you suspect... "Everyone" will obviously grab everyone. Check off the "Success" checkbox for "Delete Subfolders and Files" and "Delete" option.
Then watch your Security log. Any time anyone deletes a file or folder successfully, it will be logged there.
HTH.
Glenn
Solution 2:
There is something built-in - it's called auditing. You enable it on the fileserver, and then enable it for the actions you care about (success and/or failure on read, delete, etc) on the files or folders you care about.
It's so verbose it's almost useless however. Sorry.