Guest JohnB Posted August 7, 2008 Posted August 7, 2008 This is kind of an usual situation; approximately 50 users whose primary use of the network is to RDP into a server to use a company application. It is a Windows 2003 server that was setup as a DC. The clients are Vista and XP, all Home edition. So none of the computers are joined to the domain (I know, unusual). The server is backed up at night by Scheduler using xcopy in a batch file. Everything seems to work fine with the backup. But, almost every day, files and sub-folders turn up missing from one particular folder on the server. They are primarily Word and Excel files (all accessed locally using RDP). I redirect the output of the xcopy commands to a text file. Today when someone reported files missing from the folder, I looked at that backup log and could tell the number of sub-folders was down considerably from the day before. My guess is this could be one of two things; either the xcopy command is somehow *loosing* files/folders or, someone is accidentally deleting or moving files during the day. I have never seen folders come up missing after an xcopy. So am leaning towards the problem being with a user moving/deleting them. I would like to use auditing to find out if a user is responsible. My question is: how do I use Auditing for Object Access if none of the computers are joined to the domain? If they aren't, I can't configure the GP. TIA
Guest Meinolf Weber Posted August 7, 2008 Posted August 7, 2008 Re: Auditing Object Access Hello JohnB, If the users have a domain user account, which i assume, because they use RDP to connect to the server, then open the folder properties where the data is stored, go to Security Tab and enable auditing on the folder, choose the user accounts or better create a group, move all user accounts to the group and add the group for auditing. Now you can see in the event log what the users have done. BTW, using a DC for normal user logons as a Terminal server is a really bad decision from the point of security. A DC should always do it's main work and not be accessed by normal users. For this kind of application server/terminal server use a member server. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > This is kind of an usual situation; approximately 50 users whose > primary use of the network is to RDP into a server to use a company > application. It is a Windows 2003 server that was setup as a DC. The > clients are Vista and XP, all Home edition. So none of the computers > are joined to the domain (I know, unusual). > > The server is backed up at night by Scheduler using xcopy in a batch > file. Everything seems to work fine with the backup. > > But, almost every day, files and sub-folders turn up missing from one > particular folder on the server. They are primarily Word and Excel > files (all accessed locally using RDP). > > I redirect the output of the xcopy commands to a text file. Today > when someone reported files missing from the folder, I looked at that > backup log and could tell the number of sub-folders was down > considerably from the day before. > > My guess is this could be one of two things; either the xcopy command > is somehow *loosing* files/folders or, someone is accidentally > deleting or moving files during the day. I have never seen folders > come up missing after an xcopy. So am leaning towards the problem > being with a user moving/deleting them. I would like to use auditing > to find out if a user is responsible. > > My question is: how do I use Auditing for Object Access if none of > the > computers are joined to the domain? > If they aren't, I can't configure the GP. > TIA >
Guest JohnB Posted August 7, 2008 Posted August 7, 2008 Re: Auditing Object Access Oh ok... I thought I had to also configure a GP. I agree, the way the network is setup isn't ideal. But I just started working here, and management here is resistant to change. Maybe some day. By the way; can Vista Home and XP Home computers join a domain? "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb66a5e278cac6f589d00a40@msnews.microsoft.com... > Hello JohnB, > > If the users have a domain user account, which i assume, because they use > RDP to connect to the server, then open the folder properties where the > data is stored, go to Security Tab and enable auditing on the folder, > choose the user accounts or better create a group, move all user accounts > to the group and add the group for auditing. Now you can see in the event > log what the users have done. > > BTW, using a DC for normal user logons as a Terminal server is a really > bad decision from the point of security. A DC should always do it's main > work and not be accessed by normal users. For this kind of application > server/terminal server use a member server. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> This is kind of an usual situation; approximately 50 users whose >> primary use of the network is to RDP into a server to use a company >> application. It is a Windows 2003 server that was setup as a DC. The >> clients are Vista and XP, all Home edition. So none of the computers >> are joined to the domain (I know, unusual). >> >> The server is backed up at night by Scheduler using xcopy in a batch >> file. Everything seems to work fine with the backup. >> >> But, almost every day, files and sub-folders turn up missing from one >> particular folder on the server. They are primarily Word and Excel >> files (all accessed locally using RDP). >> >> I redirect the output of the xcopy commands to a text file. Today >> when someone reported files missing from the folder, I looked at that >> backup log and could tell the number of sub-folders was down >> considerably from the day before. >> >> My guess is this could be one of two things; either the xcopy command >> is somehow *loosing* files/folders or, someone is accidentally >> deleting or moving files during the day. I have never seen folders >> come up missing after an xcopy. So am leaning towards the problem >> being with a user moving/deleting them. I would like to use auditing >> to find out if a user is responsible. >> >> My question is: how do I use Auditing for Object Access if none of >> the >> computers are joined to the domain? >> If they aren't, I can't configure the GP. >> TIA >> > >
Guest Meinolf Weber Posted August 7, 2008 Posted August 7, 2008 Re: Auditing Object Access Hello JohnB, Vista versions that can join a domain: Vista Business Vista Business N Vista Enterprise Vista Ultimate XP versions that can join a domain: XP Professional Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Oh ok... I thought I had to also configure a GP. > > I agree, the way the network is setup isn't ideal. But I just started > working here, and management here is resistant to change. Maybe some > day. By the way; can Vista Home and XP Home computers join a domain? > > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb66a5e278cac6f589d00a40@msnews.microsoft.com... > >> Hello JohnB, >> >> If the users have a domain user account, which i assume, because they >> use RDP to connect to the server, then open the folder properties >> where the data is stored, go to Security Tab and enable auditing on >> the folder, choose the user accounts or better create a group, move >> all user accounts to the group and add the group for auditing. Now >> you can see in the event log what the users have done. >> >> BTW, using a DC for normal user logons as a Terminal server is a >> really bad decision from the point of security. A DC should always do >> it's main work and not be accessed by normal users. For this kind of >> application server/terminal server use a member server. >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> This is kind of an usual situation; approximately 50 users whose >>> primary use of the network is to RDP into a server to use a company >>> application. It is a Windows 2003 server that was setup as a DC. >>> The clients are Vista and XP, all Home edition. So none of the >>> computers are joined to the domain (I know, unusual). >>> >>> The server is backed up at night by Scheduler using xcopy in a batch >>> file. Everything seems to work fine with the backup. >>> >>> But, almost every day, files and sub-folders turn up missing from >>> one particular folder on the server. They are primarily Word and >>> Excel files (all accessed locally using RDP). >>> >>> I redirect the output of the xcopy commands to a text file. Today >>> when someone reported files missing from the folder, I looked at >>> that backup log and could tell the number of sub-folders was down >>> considerably from the day before. >>> >>> My guess is this could be one of two things; either the xcopy >>> command is somehow *loosing* files/folders or, someone is >>> accidentally deleting or moving files during the day. I have never >>> seen folders come up missing after an xcopy. So am leaning towards >>> the problem being with a user moving/deleting them. I would like to >>> use auditing to find out if a user is responsible. >>> >>> My question is: how do I use Auditing for Object Access if none of >>> the >>> computers are joined to the domain? >>> If they aren't, I can't configure the GP. >>> TIA
Recommended Posts