Servers are 2003 standard server SP1 and all users are XP Pro.

Example: I have a folder on a file server called Marketing. Marketing has
many sub folders in it. Sometimes data gets deleted from something in
Marketing and I have to restore it from tape.

How can I audit Marketing to track what users access and when so I can
pinpoint a user that has deleted data so I can better educate them and
prevent the deletions?
--
Thanks, Steve

Enabling file auditing is a 2-step process.

[1] Configure "audit object access" in AD Group Policy or on the server's
local GPO. This setting is located under Computer Configuration-->Windows
Settings-->Security Settings-->Local Policies-->Audit Policies. Enable
success/failure auditing for "Audit object access."

[2] Configure an audit entry on the specific folder(s) that you wish to
audit. Right-click on the folder-->Properties-->Advanced. From the
Auditing tab, click Add, then enter the users/groups whom you wish to audit
and what actions you wish to audit - auditing Full Control will create an
audit entry every time anyone opens/changes/closes/deletes a file, or you
can just audit for Delete operations.

After you've done both of these steps, any file deletions will show up in
the Security log of the file server that hosts those files.

HTH


--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
Author: _Active Directory Cookbook, Second Edition_
(http://tinyurl.com/z7svl)

"SteveP" <SteveP@news.postalias> wrote in message
news:759D1489-BA2E-4844-A09F-359A53DA6890@microsoft.com...

Perfect. Just what I needed and a step-by-step.

Thanks for helping, Laura.

May I ask if I make the policy on a local server (not a GP network wide) can
I assign a particular location on that local server for the logs or does it
have to go on C: drive by default?
--
Thanks, Steve


"Laura E. Hunter [MVP]" wrote: