|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security problemsHey people, anyone know how to check who deleted files from a network share,
The permissions allow all users to delete files within folders, someone has managed to delete various files all over the place within a major project folder. I have managed to restore the project from backups and Winundelete Only thing i that the files were on a NAS and i have no idea where to look to find who deleted the files. Help please... This solution won't help figure out who deleted the ones that were already
deleted, but if you're using a Windows server, I know you can set security audits to store information in the Security Event Log for those people who use their Delete permission. This link might help: http://technet2.microsoft.com/WindowsServer/en/Library/5658fae8-985f-48cc-b1bf-bd47dc2109161033.mspx?mfr=true Also, if the information in a project folder is important, only management and IT administrators should be granted permissions for file deletion. All others should be implicitly denied delete permission (i.e., clear the permit box for the delete permission). Dave Show quoteHide quote "Massblue" <Massb***@discussions.microsoft.com> wrote in message news:0E1A65A3-A9D9-4ED0-87EE-42E1A80F8FC9@microsoft.com... > Hey people, anyone know how to check who deleted files from a network > share, > The permissions allow all users to delete files within folders, someone > has > managed to delete various files all over the place within a major project > folder. > I have managed to restore the project from backups and Winundelete > Only thing i that the files were on a NAS and i have no idea where to look > to find who deleted the files. > Help please... Except that any MS document would then end up with a gazillion temp
files in the directory and possibly have trouble saving new versions of files :( David Lee Conley wrote: Show quoteHide quote > This solution won't help figure out who deleted the ones that were already > deleted, but if you're using a Windows server, I know you can set security > audits to store information in the Security Event Log for those people who > use their Delete permission. > > This link might help: > http://technet2.microsoft.com/WindowsServer/en/Library/5658fae8-985f-48cc-b1bf-bd47dc2109161033.mspx?mfr=true > > Also, if the information in a project folder is important, only management > and IT administrators should be granted permissions for file deletion. All > others should be implicitly denied delete permission (i.e., clear the permit > box for the delete permission). > > Dave > > "Massblue" <Massb***@discussions.microsoft.com> wrote in message > news:0E1A65A3-A9D9-4ED0-87EE-42E1A80F8FC9@microsoft.com... > > Hey people, anyone know how to check who deleted files from a network > > share, > > The permissions allow all users to delete files within folders, someone > > has > > managed to delete various files all over the place within a major project > > folder. > > I have managed to restore the project from backups and Winundelete > > Only thing i that the files were on a NAS and i have no idea where to look > > to find who deleted the files. > > Help please... Saving new versions of files shouldn't be a problem if users are given write
and modify permissions. Also, a script file that runs daily can eliminate temp files. Dave Show quoteHide quote "Brian Hampson" <brian.hamp***@gmail.com> wrote in message news:1153255662.886202.213210@b28g2000cwb.googlegroups.com... > Except that any MS document would then end up with a gazillion temp > files in the directory and possibly have trouble saving new versions of > files :( > > David Lee Conley wrote: >> This solution won't help figure out who deleted the ones that were >> already >> deleted, but if you're using a Windows server, I know you can set >> security >> audits to store information in the Security Event Log for those people >> who >> use their Delete permission. >> >> This link might help: >> http://technet2.microsoft.com/WindowsServer/en/Library/5658fae8-985f-48cc-b1bf-bd47dc2109161033.mspx?mfr=true >> >> Also, if the information in a project folder is important, only >> management >> and IT administrators should be granted permissions for file deletion. >> All >> others should be implicitly denied delete permission (i.e., clear the >> permit >> box for the delete permission). >> >> Dave >> >> "Massblue" <Massb***@discussions.microsoft.com> wrote in message >> news:0E1A65A3-A9D9-4ED0-87EE-42E1A80F8FC9@microsoft.com... >> > Hey people, anyone know how to check who deleted files from a network >> > share, >> > The permissions allow all users to delete files within folders, someone >> > has >> > managed to delete various files all over the place within a major >> > project >> > folder. >> > I have managed to restore the project from backups and Winundelete >> > Only thing i that the files were on a NAS and i have no idea where to >> > look >> > to find who deleted the files. >> > Help please... > 
Other interesting topics
Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
Non Administrator creating shares on a DC SMIME Decryption How to ByPass Protected Storage Prompt Getting the Access Permissions for a specific SID on a File / folder Detecting if a NTAccount is user or a group Native RC4 code System.Text.Encoding help ???? where is X509Certificate2UI PROTECT FROM DECOMPILERS |
|||||||||||||||||||||||
