Go to your DC and open up the Security event log.
Filter on 540 events, see if that helps.
It would be of great assistance to you if you are auditing this folder, but
odds are you aren't and you don't want to randomly audit files. It consumes
too much CPU time. You will have to filter through all 540 events and there
could be a huge number of them, so many it may not be of any value,
especially since you don't know a time or workstation (IP Address).
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"tslu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi, I have a situation where an employee had logged into the domain
> network as an administrator and got into a PC to delete certain folders in
> that PC.
>
> Can I obtain information such as :
> 1. Which PC the administrator logged in from
> 2. Which PC the administrator got into
> 3. Time and date the incident happened