Thanks, it refreshed the policy already without the reboot. Looks like have what I need now.
I appreciate the guidance. Paul ________________________________ From: James Winzenz [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 5:31 PM To: NT System Admin Issues Subject: RE: logging deleted files You shouldn't have to wait for the server to reboot for the GPO to be updated - if you want, you can force the group policy settings to be refreshed sooner than the default group policy refresh interval. Thanks, James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services ________________________________ From: Paul Everett [mailto:[EMAIL PROTECTED] Posted At: Thursday, September 18, 2008 2:12 PM Posted To: NTSysadmin Conversation: logging deleted files Subject: RE: logging deleted files I don't know if that would be a nightmare or a revelation to find out that my DC wasn't my DC, but alas it is. It just doesn't show either of the Domain Security Policy's in Admin Tools. I did however find the Domain Controller Security Policy in the GP of the Domain Controllers in Active Directory. I made the change and expect it to show up with my next Server roboot. Thanks! ________________________________ From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of NTSysAdmin Sent: Thursday, September 18, 2008 4:22 PM To: NT System Admin Issues Subject: RE: logging deleted files If it's a DC then you "should" have both Domain Controller Security Policy and Domain Security Policy in Admin Tools, if not, it's not your DC. S From: Paul Everett [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 3:34 PM To: NT System Admin Issues Subject: RE: logging deleted files I don't have a Domain Controller Security Policy in Admin Tools, just Local Security Policy and "yes" the "Define these policy settings" box is missing. I just meant the files in question are on the DC. ________________________________ From: Ralph Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 2:15 PM To: NT System Admin Issues Subject: RE: logging deleted files I think you want to go to Administrative Tools > Domain Controller Security Policy > Local Security Policy if this applies to the domain controller. There should be a box for "Define these policy settings". Is that what's missing? I'm not sure what you mean by the file being located in the Domain Group Policy on the DC. Do you mean the file is on the Domain Controller under the C:\WINDOWS\SYSVOL\domain\Policies folder? Ralph Smith Gateway Community Industries 845-331-1261 x234 ________________________________ From: Paul Everett [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 1:31 PM To: NT System Admin Issues Subject: RE: logging deleted files Thanks for the link Ralph. I have auditing from the folder in question's Properties enabled and also in Domain Group Policy on the DC, which is were the file is located. I can't get anything to show up in event log. In the Local Security Policy the "audit local object" success and failures are grayed out with no "enable" box. ________________________________ From: Ralph Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 11:47 AM To: NT System Admin Issues Subject: RE: logging deleted files http://sogeeky.blogspot.com/2006/07/how-to-audit-and-track-file-deletion s.html Ralph Smith Gateway Community Industries 845-331-1261 x234 ________________________________ From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2008 10:43 AM To: NT System Admin Issues Subject: Re: logging deleted files You can turn on file auditing for particular folders if you know which folders are at risk Right-click folder Properties, Security, Advanced, Auditing 2008/9/18 Paul Everett <[EMAIL PROTECTED]> Is there anything that logs the event when files are deleted over the network? A user in one of our departments is deleting files, either unintentionally or not. The best I can do is check my daily backups to find out which day it happened, but we'd like to find out who it is. We don't need something to recover deleted network files, just something that logs the event that includes the username. Is there anything out there that can do this? We have a 2003 AD Domain. Thanks, Paul Everett IS Dept. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message, including attachments. Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
