missing files

[yuris]

Hello everyone.
I have a server (file server), that is disappearing some files, such some important folders, i guess its not a virus, because the anti-virus server those not acuse anything, and the folders that are deleted are very important, the less important files are not missing. So my best guess is someone inside the company, that knows what to delete to injure the company.

I would like you guys to point me a software that is able to create logs of the deleted files and folders, access, modifications, stuff like that, i have tryied the auditor from win2003 server, but i don't think i logs the deleted files.
And i want this logs to tell me, how is the login that is deleting files.

Thanks

[MURACU]

I am fairly sure that by activating the audits on the server you should be able to see who is deleteing the files. It should be shown in your security log file. You should only activate the audits you need, in this case file deletion, or your logs will fill up fairly quickly.

[TechGrunt]

You may also want to take an audit of permissions and users within your organisation. If you have someone deleting files there is a good chance they don't have a legitimate need or business requirement to access them in the first place. An audit of who can access what may reveal the answer as to who is deleting these files if you see some permission that users shouldn't have. It is also a reasonable practice to undergo if you experience these sort of events too.

[yuris]

My big problem, is the person that i suspect, it must have access to all of these files, i will try to use the windows audit
Thanks all

[Ygunit]

You should think about what happened, then you should scan comstumer's Ip and track them all download and think of where it would mostlikely be.

[nihil]

Hi yuris

You should be able to set user permissions so that they can access files and folders, but not delete them.

You should have done this in the first place, as no user should have access or authority in excess of that which they need to perform their job. I would recommend that you review your security model in some depth.

Remember that most of the user created problems you come across are a result of errors and ignorance rather than malicious intent. It is your job to make sure that they do not have the opportunity.

[ebatt]

We use a package called Undelete on our file servers, keeps the files so that they can be recovered easily and also lets you know who deleted them www.undelete.com.

[morganlefay]

Just read this

http://www.pcmag.com/article2/0,1895,1842335,00.asp

What it does: Killfiles is the simplest sort of Trojan horse, a Windows batch file that deletes specific key system file. It is sometimes used by other Trojans to disable a computer. Killfiles is not a widely-distributed threat.

Could it be????

MLF

[CuseMMA]

Make sure you disable/delete any default accounts that are not in use from installation (i.e. user, administrator, etc.). This provides a simple loophole for someone to just get in and do whatever they want based on someone else's oversight.

[yuris]

This is a person who works here that is deleting, i don't have any virus, or worms. I didn't have a security breach. I suspect of a person, because she is an "ignorant" in computers, maybe by mistake she deleted those folders, but din't warn me, or she is doing this on purpose(she have some personal resons for it, she was recently demoted), and recently folders have been missing.
Thanks god for the Tapes, i have been able to restore all the deleted data.

I have moving around the system, and i got to the "effective Permissions", i can and a user and try to uncheck the Delete Box, this should take the delete privileges. but all the Boxes are Gray, i can't move, and i must to this, folder by folder. Is there a way, where i can get everyone inside a Undelete group, and take the delete privileges?

Thanks for all the replys