List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.


Subject: [ActiveDir] Audit files, folders deletion search
shoktai

04/23/2008 1:58 PM  
Hi,

I received several calls about a particular folder where sub folders and
files are deleted. I have enabled the auditing on the folder, set it up to
cover all domain users and log delete files/folders success and failures.
However the log files are huge and I would like to sort them. I can sort
them by eventid, categories,...but I would like to search for a string like
"folder_name", is that possible?

Thanks

MThommes

04/23/2008 2:13 PM  
Try EventLogExplorer (http://www.eventlogxp.com/) - a neat tool which I
discovered recently via this mail group. And the price is right too -
free for looking at up to 3 computers. It can look for strings very
easily.



Mike Thommes




sbradcpa

04/23/2008 2:18 PM
"Fatal Finger Syndrome"

I'll bet they aren't deleted...but dragged/dropped/moved.

I have object access logging enabled on those folders that this happens
to in our office.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
TG

04/23/2008 2:44 PM  
You can use eventcombmt tool available as part of several downloads. One
of them is the account lockout tools

http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Very handy for searching eventlogs.

Thank you, Tony.


Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 |
USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
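
The string search asked about in this thread can also be scripted; the following is an added example, not part of the original posts or of any tool named in them. It assumes Windows Vista/Server 2008 or later, where file-system object access audits are logged as event ID 4663 in the Security log, an elevated PowerShell session on the file server, and placeholder values for `$FolderName` and the seven-day window.

```powershell
# Added example: find audited DELETE access on objects whose path contains a string.
# Assumptions: event ID 4663 (Vista/Server 2008+), elevated session on the file server.
$FolderName = 'folder_name'              # placeholder search string from the question
$Since      = (Get-Date).AddDays(-7)     # placeholder time window

# Filter by log, event ID and time on the server side; the logs are large.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4663
    StartTime = $Since
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Read the named event data fields from the event XML instead of parsing message text.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $path = [string]$data['ObjectName']
    $mask = [Convert]::ToInt32($data['AccessMask'], 16)   # value is logged as hex, e.g. 0x10000

    # Literal, case-insensitive substring match, so brackets in folder names are not wildcards.
    $match = $path.IndexOf($FolderName, [StringComparison]::OrdinalIgnoreCase) -ge 0

    # 0x10000 is the DELETE access right.
    if ($match -and ($mask -band 0x10000)) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object  = $path
            Process = $data['ProcessName']
        }
    }
}

# Chronological detail, then a per-user count to see who touches the folder most.
$hits | Sort-Object Time | Format-Table -AutoSize
$hits | Group-Object User | Sort-Object Count -Descending | Select-Object Count, Name
```

A move or rename within the same volume also requests DELETE access on the source, so the dragged-and-dropped case raised in the thread appears in the same results as a true deletion.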






AFidel

04/23/2008 3:45 PM  
Yep, also known as dying mouse syndrome. If MS ever does NTFSv6 I hope
they add a no move ACL attribute for folders. It is the number one cause
of unnecessary IT involvement in my environment.

Thanks,
Andrew
