how to track the users...in the domain

jerry · External Since: Mar 18, 2006 Posts: 2

I' m using windows 2000 server as our domain contoller. there are shared
folders with full permissions read/write as it is used for our
applications. this shared folders is mapped to all users as various drives.
recently one of the user deleted a file from this folder. i checked the event
viewer of the server but couldnot find the users.

is there any way to get a report or track the users as they logon into the
domain by the administrator .

Roger Abell MVP · External Since: Apr 12, 2004 Posts: 671

You might want to look into auditing.

Auditing is discussed in multiple MS planning/deployment guides,
as well as in the Windows built-in help system.
You may audit many things, including
1. login and logout success and/or failure, at both the domain
controller level and at the non-DC sharing server level if
that is different from the DCs of the domain
2. NTFS filesystem actions, including only successful delete

After auditing is set up (you need to specify what should cause
an audit record in the security event log) there will be a record.
For action before auditing is defined, there is none.

Roger

"jerry" <jerry.TakeThisOut@discussions.microsoft.com> wrote in message
news:67C654F4-81A9-4DCE-9A43-D77E1C5B49B0@microsoft.com...
> I' m using windows 2000 server as our domain contoller. there are shared
> folders with full permissions read/write as it is used for our
> applications. this shared folders is mapped to all users as various
> drives.
> recently one of the user deleted a file from this folder. i checked the
> event
> viewer of the server but couldnot find the users.
>
> is there any way to get a report or track the users as they logon into
> the
> domain by the administrator .

Benny Van · External Since: Jul 30, 2007 Posts: 1

On Jul 29, 9:27 am, "Roger Abell [MVP]" <mvpNoS... RemoveThis @asu.edu> wrote:
> You might want to look into auditing.
>
> Auditing is discussed in multiple MS planning/deployment guides,
> as well as in the Windows built-in help system.
> You may audit many things, including
> 1. login and logout success and/or failure, at both the domain
> controller level and at the non-DC sharing server level if
> that is different from the DCs of the domain
> 2. NTFS filesystem actions, including only successful delete
>
> After auditing is set up (you need to specify what should cause
> an audit record in the security event log) there will be a record.
> For action before auditing is defined, there is none.
>
> Roger
>
> "jerry" <je... RemoveThis @discussions.microsoft.com> wrote in message
>
> news:67C654F4-81A9-4DCE-9A43-D77E1C5B49B0@microsoft.com...
>
> > I' m using windows 2000 server as our domain contoller. there are shared
> > folders with full permissions read/write as it is used for our
> > applications. this shared folders is mapped to all users as various
> > drives.
> > recently one of the user deleted a file from this folder. i checked the
> > event
> > viewer of the server but couldnot find the users.
>
> > is there any way to get a report or track the users as they logon into
> > the
> > domain by the administrator .

In task manager, you will also be able to find the current active and
inactive user sessions.

Jon Holvoet · External Since: Aug 03, 2007 Posts: 1

This is exactly the purpose of auditing.
See the following article for Windows 2000:
http://support.microsoft.com/kb/300549

--

Jon Holvoet
MCSA / MCSE Security
Comptia Security+
CISSP

"jerry" <jerry.TakeThisOut@discussions.microsoft.com> wrote in message
news:67C654F4-81A9-4DCE-9A43-D77E1C5B49B0@microsoft.com...
> I' m using windows 2000 server as our domain contoller. there are shared
> folders with full permissions read/write as it is used for our
> applications. this shared folders is mapped to all users as various
> drives.
> recently one of the user deleted a file from this folder. i checked the
> event
> viewer of the server but couldnot find the users.
>
> is there any way to get a report or track the users as they logon into
> the
> domain by the administrator .