We just implemented this:
http://www.varonis.com/products/datadvantage/ Can't say I love the fat client, and no web interface, but the results are impressive. Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 _____ From: Free, Bob [mailto:[email protected]] Sent: Wednesday, July 15, 2009 4:21 PM To: NT System Admin Issues Subject: RE: Who deleted files The other option is something like tripwire. From: Robert LeBlanc [mailto:[email protected]] Sent: Wednesday, July 15, 2009 9:47 AM To: NT System Admin Issues Subject: RE: Who deleted files Snookered is right I do not have auditing on but will turn it on. Never had this issue but now I know why it's there. I have my suspicions on the user only because they were called out on a bunch of non work related things being done during the work day, but no concrete evidence.. From: James Rankin [mailto:[email protected]] Sent: Wednesday, July 15, 2009 10:27 AM To: NT System Admin Issues Subject: Re: Who deleted files Unless you have file auditing turned on, I believe you're kinda snookered. Anyone with the Delete privilege is a suspect 2009/7/15 Robert LeBlanc <[email protected]> Hi all, Is there an easy way to see who deleted files from a networks drive. I've been able to restore the files from backup but we'd like to know who deleted initially. The server is Win2K. Thanks, Robert Robert LeBlanc Network Administrator MCP,MCSE Anesthesia Associates of New Mexico, P.C. (P)505-260-4300 (F)505-260-4338 (E)[email protected] ************************************************************************** ****************** ************************************************************************** ****************** Please note that the information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us by replying to the message and deleting it from your computer. Thank you. Anesthesia Associates of New Mexico, P.C. -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
