logging all users actions

Printable View

August 12th, 2004, 08:27 PM
MilitantEidolon

logging all users actions

My problem is being able to track the users on my network.

I am running w2k3 sever and I am wondering a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?

The network is pretty basic. We have a w2k server running our databases and a w2k3 fileserver as the domain and fileserver. The domain authentication is done through the w2k3 server. Our network is not connected to the internet.

My second question is, if someone deletes something off of the network drive (if they have permissions) were does that deleted file go? Someone deleted a file out of their folder on accident and wanted it back however I couldn't find it in their recycle or the servers recycle bin. I had my backups so I wasn't to worried about it. But I would still like to know where the files go.

Thanks,

- MilitantEidolon
August 12th, 2004, 08:37 PM
ss2chef

Re: logging all users actions

Quote:

Originally posted here by MilitantEidolon

My second question is, if someone deletes something off of the network drive (if they have permissions) were does that deleted file go? Someone deleted a file out of their folder on accident and wanted it back however I couldn't find it in their recycle or the servers recycle bin. I had my backups so I wasn't to worried about it. But I would still like to know where the files go.

Thanks,

- MilitantEidolon

Don't think there is a "recycle bin" for files deleted accross the network.
You could attempt to recover the file with some of the many tools mentioned in recent posts.
I like
r-studio
August 12th, 2004, 08:40 PM
cacosapo

Re: logging all users actions

Quote:

My problem is being able to track the users on my network.

I am running w2k3 sever and I am wondering a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?

Could you be more specific? whatkind of actions? File System? Internet Surfing?

Quote:

if someone deletes something off of the network drive (if they have permissions) were does that deleted file go?

Until W2K there is no way to recover except backups. Doing some research about W2k3
August 12th, 2004, 08:42 PM
MilitantEidolon

Quote:

Could you be more specific? whatkind of actions? File System? Internet Surfing?

I am talking about what files the users accessed. How long they have been logged, what files they delete and so on and so forth.

Quote:

You could attempt to recover the file with some of the many tools mentioned in recent posts.

No I have all the stuff needed and I am not worried about losing anything I am just wondering where the stuff is stored.

- MilitatnEidolon
August 12th, 2004, 09:15 PM
cacosapo

Logged and log on stuff --> security events on event viewer

You can also turn on some audit features from file system. Take a look at property tabs.
But i would advise than u shouldnt turn for all... you may impact your FS.... but for a small group of files/dir... maybe.
August 12th, 2004, 09:44 PM
djscribble

To set up auditing of files and folders

Click Start, click Run, type mmc /a, and then click OK.
On the Console menu, click Add/Remove Snap-in, and then click Add.
Under Snap-in, click Group Policy, and then click Add.
In Select Group Policy Object, click Local Computer, click Finish, click Close, and then click OK.
In Local Computer Policy, click Audit Policy.
In the details pane, right-click Audit Object Access, and then click Security.
In Local Security Policy Setting, click the options you want, and then click OK.
August 12th, 2004, 09:51 PM
ammo

Re: logging all users actions

Quote:

Originally posted here by MilitantEidolon
My problem is being able to track the users on my network.

I am running w2k3 sever and I am wondering a tool or a way to do it through the OS so that it tracks all actions performed by the users registered to the domain?

Setting the "audit process tracking" in the security policies will show you every processes started by users... and a whole lot more too, which fills up your logs pretty quickly....

Quote:

My second question is, if someone deletes something off of the network drive (if they have permissions) were does that deleted file go? Someone deleted a file out of their folder on accident and wanted it back however I couldn't find it in their recycle or the servers recycle bin. I had my backups so I wasn't to worried about it. But I would still like to know where the files go.

The file goes nowhere and is just plain deleted (although we all know that it's not really "deleted" until it's overwritten or wiped with a utility...). On W2K3 there's a new feature called shadow filesystem which might interest you (haven't used it myself yet so I can't say how well it works)...

Ammo