نوشته اصلی توسط
popco
دوست عزیز ممنونم از پاسخگویی
من دسترسی ها رو چک کردم فقط کارای اون واحد به فایها دسترسی دارند و مدیر اون واحد مدعی که کارمنداش پاک نکردن.
ویندوز یک امکانی بنام Audit داره .فکر کنم اگر کاربرا پاک کنن اونجا لاگ می کنه ! درسته؟؟؟
اگر این امکان وجود داره میشه راهنمایی کنید که چگونه راه اندازی کنم
سپاسگذارم
Audit Windows Directories - Configure Windows for Auditing
How to enable Audit Reporting
Enable Auditing on the computer being monitored
You will need to enable the audit policy Audit Object Access, using the "Local Security Policy" program or the "Group Policy" program if your computer is a member of a domain.
The only policy that needs to be enabled is the "Audit Object Access" policy. The other policies can be left as they are. As we are only interested in the "Success" events, I did not enable "Failure".
Depending on your version of Windows the screen might look a little different.
Enable Auditing for the directory being monitored
Now you must enable auditing for the directory being monitored. Using Windows Explorer, select:
Properties -> Security tab -> Advanced button -> Auditing tab
Press the
Add button to select the User or Group you want to Audit. Enter the text "Everyone" (without the quotes) and press the
Check Names button and press OK.
On the next screen you enable auditing for "Delete" and "Delete Subfolders and Files".
The screenshot shows these settings for the directory C:\WUTemp.
This will setup this directory to audit deleted files and subfolders. If you also want auditing for new files and folders you should enable the other options (such as Create files/Write data).
If you want notifications for
failed attempts, check those options as well.