Sign in to follow this  
Followers 0
gadzail

intercept delete file event

4 posts in this topic

Hi all,

I would like to create a service that run on a server to intercept the users command that delete file (or move) on a specific folder.

This help me to create a log file of these events in case of an accidentally delete (or move) of an important file so I can try to restore or at least I could know what happened.

Is it possible?

I know how to create the service but I don't know how to intercept these events.

I didn't find a solution on the forum (but maybe I didn't search with the right words).

Thanks.

Share this post


Link to post
Share on other sites



Hi all,

I would like to create a service that run on a server to intercept the users command that delete file (or move) on a specific folder.

This help me to create a log file of these events in case of an accidentally delete (or move) of an important file so I can try to restore or at least I could know what happened.

Is it possible?

I know how to create the service but I don't know how to intercept these events.

I didn't find a solution on the forum (but maybe I didn't search with the right words).

Thanks.

Go into Local Security Policy (assuming this is not an AD domain), Audit Policy, and enable auditing of object access. The go to the security tab on that file and/or directory and then hit the Advanced button. On the Advance Security Settings dialog, select the Auditing tab and add the required auditing events. Anything you configure to be audited will be logged to the Event Log.

<_<


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Go into Local Security Policy (assuming this is not an AD domain), Audit Policy, and enable auditing of object access. The go to the security tab on that file and/or directory and then hit the Advanced button. On the Advance Security Settings dialog, select the Auditing tab and add the required auditing events. Anything you configure to be audited will be logged to the Event Log.

<_<

Many thanks :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0