-
August 12th, 2004, 08:27 PM
#1
logging all users actions
My problem is being able to track the users on my network.
I am running w2k3 server and I am wondering if there is a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?
The network is pretty basic. We have a w2k server running our databases and a w2k3 fileserver as the domain and fileserver. The domain authentication is done through the w2k3 server. Our network is not connected to the internet.
My second question is, if someone deletes something off of the network drive (if they have permissions) where does that deleted file go? Someone deleted a file out of their folder by accident and wanted it back; however, I couldn't find it in their recycle bin or the server's recycle bin. I had my backups so I wasn't too worried about it. But I would still like to know where the files go.
Thanks,
- MilitantEidolon
Yeah that's right........I said It!
Ultimately everyone will have their own opinion--this is mine.
-
August 12th, 2004, 08:37 PM
#2
Re: logging all users actions
Originally posted here by MilitantEidolon
My second question is, if someone deletes something off of the network drive (if they have permissions) where does that deleted file go? Someone deleted a file out of their folder by accident and wanted it back; however, I couldn't find it in their recycle bin or the server's recycle bin. I had my backups so I wasn't too worried about it. But I would still like to know where the files go.
Thanks,
- MilitantEidolon
Don't think there is a "recycle bin" for files deleted across the network.
You could attempt to recover the file with some of the many tools mentioned in recent posts.
I like r-studio
-
August 12th, 2004, 08:40 PM
#3
Re: logging all users actions
My problem is being able to track the users on my network.
I am running w2k3 server and I am wondering if there is a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?
Could you be more specific? What kind of actions? File System? Internet Surfing?
if someone deletes something off of the network drive (if they have permissions) where does that deleted file go?
Until W2K there is no way to recover except backups. Doing some research about W2k3
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 12th, 2004, 08:42 PM
#4
Could you be more specific? What kind of actions? File System? Internet Surfing?
I am talking about what files the users accessed. How long they have been logged, what files they delete and so on and so forth.
You could attempt to recover the file with some of the many tools mentioned in recent posts.
No, I have all the stuff needed and I am not worried about losing anything; I am just wondering where the stuff is stored.
- MilitantEidolon
Yeah that's right........I said It!
Ultimately everyone will have their own opinion--this is mine.
-
August 12th, 2004, 09:15 PM
#5
Logged and log on stuff --> security events on event viewer
You can also turn on some audit features from file system. Take a look at property tabs.
But I would advise that you shouldn't turn it on for all... you may impact your FS... but for a small group of files/dirs... maybe.
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 12th, 2004, 09:44 PM
#6
To set up auditing of files and folders
Click Start, click Run, type mmc /a, and then click OK.
On the Console menu, click Add/Remove Snap-in, and then click Add.
Under Snap-in, click Group Policy, and then click Add.
In Select Group Policy Object, click Local Computer, click Finish, click Close, and then click OK.
In Local Computer Policy, click Audit Policy.
In the details pane, right-click Audit Object Access, and then click Security.
In Local Security Policy Setting, click the options you want, and then click OK.
find / -name "*your_base*" -exec chown us:us {} \; Trust No One. Use Hardened Gentoo
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
August 12th, 2004, 09:51 PM
#7
Re: logging all users actions
Originally posted here by MilitantEidolon
My problem is being able to track the users on my network.
I am running w2k3 server and I am wondering if there is a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?
Setting the "audit process tracking" in the security policies will show you every process started by users... and a whole lot more too, which fills up your logs pretty quickly....
My second question is, if someone deletes something off of the network drive (if they have permissions) where does that deleted file go? Someone deleted a file out of their folder by accident and wanted it back; however, I couldn't find it in their recycle bin or the server's recycle bin. I had my backups so I wasn't too worried about it. But I would still like to know where the files go.
The file goes nowhere and is just plain deleted (although we all know that it's not really "deleted" until it's overwritten or wiped with a utility...). On W2K3 there's a new feature called shadow filesystem which might interest you (haven't used it myself yet so I can't say how well it works)...
Ammo
Credit travels up, blame travels down -- The Boss
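Added example, not part of any post in this thread: once logon and object-access auditing are enabled as described in posts #5 and #6, the Security log can answer the questions from post #4 (files accessed, time logged on, files deleted). The sketch below assumes the events have already been exported into simple records; the record layout, field names and sample data are constructed for illustration, while 528, 538, 560 and 564 are the Windows 2000/2003 Security event IDs for logon, logoff, object open and object deleted.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (time, event ID, user, fields). Layout is an assumption.
SAMPLE = [
    ("2004-08-12 09:00:05", 528, "alice", {"logon_id": "0x3e1a"}),
    ("2004-08-12 09:02:10", 560, "alice", {"handle": "1204", "object": r"D:\Shares\alice\budget.xls"}),
    ("2004-08-12 09:10:00", 528, "bob", {"logon_id": "0x4b20"}),
    ("2004-08-12 09:15:30", 560, "bob", {"handle": "1310", "object": r"D:\Shares\bob\notes.doc"}),
    ("2004-08-12 09:15:31", 564, "bob", {"handle": "1310"}),
    ("2004-08-12 09:20:00", 564, "bob", {"handle": "1999"}),  # matching open not in export
    ("2004-08-12 09:45:05", 538, "alice", {"logon_id": "0x3e1a"}),
]

def summarize(events):
    """Return (session_seconds, files_opened, files_deleted), each keyed by user."""
    logons, handles = {}, {}
    sessions = defaultdict(float)
    opened, deleted = defaultdict(list), defaultdict(list)
    for stamp, event_id, user, fields in events:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if event_id == 528:                      # successful logon
            logons[fields["logon_id"]] = when
        elif event_id == 538:                    # logoff: pair with logon by Logon ID
            start = logons.pop(fields["logon_id"], None)
            if start is not None:                # skip logoffs whose logon is missing
                sessions[user] += (when - start).total_seconds()
        elif event_id == 560:                    # object open: records the file name
            handles[fields["handle"]] = fields["object"]  # handle IDs get reused
            opened[user].append(fields["object"])
        elif event_id == 564:                    # object deleted: handle only, no name
            name = handles.pop(fields["handle"], "<unknown object>")
            deleted[user].append(name)
    return dict(sessions), dict(opened), dict(deleted)

if __name__ == "__main__":
    for label, result in zip(("sessions", "opened", "deleted"), summarize(SAMPLE)):
        print(label, result)
```

The delete event carries only a handle ID, so the file name has to come from the earlier open event; a user who is still logged on (bob here) has no completed session to report.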