What can be achieved:
Record all deleted files in the security of the system daily file viewer The record of the user of the file.
The file deletion record in the NTFS volume was reviewed.
1 Turn on login audit
Log in to the desktop as a user in the administrators group click the run command in the start menu enter gpedit.msc open the group policy editor and go to Computer Configuration-Security Settings-Local Policies -Audit account login events in the audit policy. Double-click to check the success and failure in the dialog box that appears that is open the audit user login success and failure events.
2 Record the record of deleted files in the NTFS partition
Same as 1. Open the computer configuration in the group policy-security settings-local policy-audit policy audit target double-click in the dialog box that appears Check the success and failure after the above settings you can now set the file and folder audit. (Note that the simple file sharing must be removed on the NTFS partition and the xp system otherwise the security label in the NTFS partition is hidden)
For example now we must review the d:\\customer information folder. Select the folder open the properties select the security tab then click Advanced and then select Audit. By default there is no audit item. Click Add to add the users and groups we want to monitor and audit objects. After confirming click the check box in the open dialog box Select \u0026ldquo;delete\u0026rdquo; successfully. Then select the \u0026ldquo;Apply these audit items only to the objects and/containers in this container\u0026rdquo; check box. OK. Open the event viewer security when viewing the record to see the event.
How to record the user's operation record on the file server in win2003
On the file server for multiple users to read and write to a folder it is inevitable that there will be operations Error or accidental deletion. In order to preserve the authenticity of the operation. If you set to record the user's operation especially the deletion log of files and folders.
If you want to meet your needs Two operations are required.
One is to enable \u0026ldquo;audit object access\u0026rdquo; in the security policy and enable this function.
The second is that it’s not enough to just enable this function. You have to set which users to open which audits for which files.
The method is to right-click and select the properties of the file you need to view the operation log select \u0026ldquo;Security\u0026rdquo;--\u0026gt; \u0026ldquo;Advanced\u0026rdquo;--\u0026gt;\u0026quot;Audit\u0026quot;--\u0026gt; and add a required Audit users such as everyone --> Then select specific audit items such as audit whether the user has run this file whether to rename this file etc. If you want to audit all operations select full control.
Finally you can view the specific operation records in the security log.
View the file server to modify the record setting method of writing and deleting files ------ by setting the folder audit policy
windows can use the audit policy to track the access to files or User accounts of other objects login attempts system shutdown or restart and similar events while auditing files and folders under NTFS partitions can ensure the safety of files and folders. The steps for setting up auditing for files and folders are as follows:
The first step is to expand the \u0026ldquo;computer in the left window in the group policy window (the file server is on the DC at this time open the domain controller policy) Configure the \u0026rdquo;\u0026rarr;\u0026ldquo;Windows Settings\u0026rdquo;\u0026rarr;\u0026ldquo;Security Settings\u0026rdquo;\u0026rarr;\u0026ldquo;Local Policy\u0026rdquo; branch select the \u0026ldquo;Audit Policy\u0026rdquo; option under the branch.
The second step is to double-click the 'audit object access' option in the right window and in the pop-up 'local security policy settings' window set the 'local policy settings' in the box ' ;Success\u0026rdquo; and \u0026ldquo;failure\u0026rdquo; check boxes are marked with \u0026ldquo;\u0026radic;\u0026rdquo; mark and then click \u0026ldquo;OK\u0026rdquo; button.
The third step right-click the file or folder you want to review select the 'Properties' command in the pop-up menu and then select the 'Security' tab in the pop-up window.
The fourth step is to click the 'Advanced' button and select the 'Review' tab.
The fifth step choose the operation according to the specific situation:
If you want to set up audit for a new group or user you can click the 'Add' button and type new in the 'Name' box Username and then click the \u0026ldquo;OK\u0026rdquo; button to open the \u0026ldquo;review project\u0026rdquo; dialog box.
To view or change the original group or user review you can select the user name and click the \u0026ldquo;View/Edit\u0026rdquo; button.
To delete the original group or user review you can select the user name and click the \u0026ldquo;Delete\u0026rdquo; button.
The sixth step if necessary select the items you want to review from the 'Apply to' list in the 'Apply to' dialog box in the 'Approve items' dialog box.
The seventh step if you want to prohibit files and subfolders in the directory tree from inheriting these audit items select the 'Apply these audit items only to the objects and/or containers in this container' checkbox. It should be noted that only members of the Administrators group or users who have been granted the 'Manage Audit and Security Log' permission in Group Policy can audit files or folders. Before Windows XP audits files and folders users must enable the 'audit object access' of the 'audit policy' in the group policy. Otherwise an error message will be returned after setting the file and folder audit and the file or folder has not been audited.
Note: According to this method you can manage the read and delete/change of shared files in the \u0026quot;File Server\u0026quot;.?Steps to modify the mysql data directory under Win2008 r2