how can I log when a user moves a file?

M

mike

I have a situation where several files got moved, but I cannot track which
user did it. I have a timestamp, but the security logs do no really show or
indicate where this came from. Does Window shave this functioality native? If
not which 3rd party products would? thanks in advance for any replies
 
K

Kevinm

Windows does not natively do this. Your best options would be to limit access to the files, or install a file monitoring solution. I believe that www.quest.com has a solution that will do this for you.

--
~Kevinm WLKMMAS [x-MVP]
"mike" <mike@discussions.microsoft.com> wrote in message news:31E22C07-41DE-4048-908F-2A5365BD8B0A@microsoft.com...
I have a situation where several files got moved, but I cannot track which
user did it. I have a timestamp, but the security logs do no really show or
indicate where this came from. Does Window shave this functioality native? If
not which 3rd party products would? thanks in advance for any replies
 
M

mike

I didn't think there was a 'native' way, but wanted to check, thanks!

"Kevinm" wrote:

> Windows does not natively do this. Your best options would be to limit access to the files, or install a file monitoring solution. I believe that www.quest.com has a solution that will do this for you.
>
> --
> ~Kevinm WLKMMAS [x-MVP]
> "mike" <mike@discussions.microsoft.com> wrote in message news:31E22C07-41DE-4048-908F-2A5365BD8B0A@microsoft.com...
> I have a situation where several files got moved, but I cannot track which
> user did it. I have a timestamp, but the security logs do no really show or
> indicate where this came from. Does Window shave this functioality native? If
> not which 3rd party products would? thanks in advance for any replies
 
A

Atlan

Hi Mike,

if files are moved then the OS handles that as a move in the file
system (very quick). But from the security view it is handled as they
are copied and deleted.

So if you are watching these files with the monitoring mechanisms of
NTFS security then you will see the changes in the security section of
the eventlog. You can simply watch for "delete" in the extended
security dialog and will see that events are reported including the
user who did it.

Best regards,
Holger
 
You must log in or register to reply here.

Similar threads

C
I came across a computer. When doing factory reset, it doesn't have Advance Options instead has startup settings and UEFi Firmware settings. How can I
Replies
0
Views
21
Cody Spencer1
C
J
I installed irfI installed Irfanview as admin, but it doesn't show up on my non-admin user account. How can I access it there?
Replies
0
Views
55
JethoroughSX
J
T
How do I get back the login screen when user turns on their domain connected computer?
Replies
0
Views
60
TikTok Beast
T
K
Please can someone tell me how i obtain or view my product key.. I only have a user unique identifier key.. i have an account and have purchased t
Replies
0
Views
14
Kevin Wakeford
K
P
I wonder if there’s a way I can undo the recent action done in File Explorer.
Replies
0
Views
46
PianSa
P
Back
Top Bottom