View the file deletion record in win2003. The purpose can be achieved: Record the records of all deleted files in the security of the system daily viewer. The file deletion record was reviewed in the NTFS volume. 1 Open the login and log in to the desktop as the user of the administrators group. Click the Run command in the Start menu, enter gpedit.msc, open the Group Policy Editor, and log in to the account in the Computer Configuration - Security Settings - Local Policies - Audit Policy. Event, double-click the dialog box that appears in the dialog box to select success and failure, which opens the event of auditing user login success and failure. 2 Record the records of the deleted files in the NTFS partition. Same as the computer configuration in the Open Group Policy - Security Settings - Local Policies - Audit Policy Auditing for Objects, Double-click the dialog box that appears in the dialog box to successfully and fail. The settings, now you can set up the review of files and folders. (Note that on the NTFS partition, the simple file sharing is removed from the xp system, otherwise the security label in the NTFS partition is hidden.) For example, we must now review the d:\\client data folder. Select the folder, open the properties, select the security tab, then click Advanced, then select the audit, the default is no audit project, click Add, add the users and groups we want to monitor the audit object, determine the hook in the open dialog box Select “Delete” to succeed. Then select “ Apply these audit items only to the Objects & /Containers check box in this container. OK. You can see the event by opening Event Viewer Security while viewing the record. In win2003, how to record the user's operation record on the file server on the file server, for a number of users to read and write to a folder, it is inevitable that there will be operation errors or accidental deletion. In order to preserve the authenticity of the operation. Record the user's operation, especially the delete log solution for files and folders: If you want to meet your needs, you need to do two operations. One is to enable “ audit object access in the security policy, open this function. Second, it is not enough to open this function. You have to set which user to open which audit for which file. To do this, right click on the properties of the file you want to view the operation log, select “Security>--> “Advanced -->"Audit"-->and add a user to review. For example, everyone --> select a specific audit item, for example, to check whether the user has run this file, whether to rename the file, etc. If you want to review all operations, select Full Control. Finally, you can view the specific operation record in the security log. View file server modify record setting method for writing deleted files ------ By setting folder audit policy windows can use audit policy to track user accounts for accessing files or other objects, login attempts, system shutdown or restart, and the like The events, while the audit files and folders under the NTFS partition can guarantee the security of files and folders. The steps for setting up auditing for files and folders are as follows: In the first step, in the Group Policy window (the file server opens the domain controller policy on the DC at this time), expand the "Computer Configuration" in the left window step by step; &rquo; "<quo;Windows Settings”→“Security Settings”→“Local Policies” Branch, under the branch, select the "Audit Policy" option. In the second step, double-click the “Review Object Access” option in the right window, and ““Local Policy Settings” in the pop-up “Local Security Policy Settings” window will be “successful”. And the &;Failure” checkboxes are marked with “√” and then click the “OK” button. In the third step, right-click the file or folder you want to review, select the “Properties” command in the pop-up menu, and then select the “Security” label in the pop-up window. In the fourth step, click the “Advanced” button and select the "Audit" label. Step 5: Choose an action based on your situation: If you want to set up a review for a new group or user, click the “Add” button and type a new username in the "Name" box, then click “ The OK " button opens the “Audit Project” dialog. To view or change an existing group or user review, select the username and click the “View/Edit” button. To delete an existing group or user review, select the username and click the “Delete” button. In the sixth step, if necessary, select the item you want to review in the “Apply to” list in the “Review Project” dialog box. In the seventh step, if you want to prevent files and subfolders in the directory tree from inheriting these audit items, select “only apply these audit items to the objects and/or containers in this container. It is important to note that only users who are members of the Administrators group or who are granted the “Manage audit and security logs” permission in Group Policy can audit files or folders. Before Windows XP audits files and folders, users must enable “audit object access” in Group Policy Audit Policy". Otherwise, an error message will be returned when the file and folder audit is set, and the files and folders are not reviewed. Note: According to this method, you can manage "file server" in shared file read and delete\\change.