Categories
file sharing Operating Systems

Poor mans file audit on Windows Server 2008 R2 – with an easy search function and GUI

I needed a way to audit file deletions on our Windows 2008 R2 Server, but didn’t need to make pretty reports for our C levels, it was just for techs to track down who deleted what. So I used the built in Windows File Audit with GPO.

We also have about 1800 people who use this share, so we had to keep a watchful eye on how many logs were generated, and then script out deletions after a certain period, we chose 14 days is about how far back we want to retain.

Task 1 was to enable the GPO for the server to start actually recording the file deletions in Event Viewer.
Following this guide: http://www.morgantechspace.com/2013/11/Enable-File-System-Auditing-in-Windows.html
You can enable the GPO to start actually logging the deletions attempts.

Task 2 was to separate the security logs into it’s own directory, for easy pruning.
I then had to go to the file server and enable this: http://blogs.technet.com/b/askds/archive/2009/08/04/tracking-a-remote-file-deletion-back-to-the-source.aspx
So that I can start logging. You are essentially enabled file auditing. I only chose to enable the Success of file deletions, nothing else, as that was all the data I want logged.

Task 3 was to script automated deletions of the evtx files after 14 days of age.

I wrote this to do my automated deletions. You will make a cmd, or bat file on your desktop with these contents:
REM Remove Security older than 14 days
forfiles /p "C:\Windows\System32\winevt\Logs\Security" /s /m *.* /c "cmd /c Del @path" /d -14

You can adjust the 14 days to be whatever you like. Then add it to task schedule to automate and run once a day.

Task 4 was to find a way to prune through 2-3GB of evtx files easily.
SOURCE: https://martin77s.wordpress.com/2010/01/16/evtlogparser/
You will need to install LogParser.msi first.
Then run EVTLOGPARSER.EXE – it is portable after the LogParser.msi is installed.
You can then add the security directory directly: \\SERVERNAME\c$\Windows\System32\winevt\Logs\Security
and query eventid 4663 AND/OR under message, search for your file deleted, partials should work.

Categories
file sharing

My new-updated free file hosting website – www.uploadland.com

You may, or may not know, but I have been working on this site for a while. I finally got it the way I want it, please let me know what you think of it, any changes I could/should make to it.

www.uploadland.com

It’s a free service, so go for it, upload/download to your hearts content :).

Categories
file sharing uploadland.com

Free file upload website – www.uploadland.com

Hello all.

I recently acquired a domain www.uploadland.com and have finally gotten around to making it worth a damn! I had a company come in and recode it, so it works properly, and am in the midst of getting the site integrated with vB forums, so that I can do a lot of cool features for those that use the forums.

If you have any ideas what I could do to improve on the site, please let me know. Otherwise, check it out!

Did I mention it was free to upload/share files? 🙂

http://www.uploadland.com