Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

NTFS File Audit...need help


Recommended Posts

Hi all,

I'm about to embark on some upgrades of our servers & networks.

We're a media company, and have huge numbers of huge files - 10MB, 100MB, 1000MB. Yes that big, many of them WAV files.

I need to start deleting old files or transferring them to offline storage, but trying to figure out what gets used is impossible. And it's useless asking anyone because all I get is the deer-in-headlights look, or stark-raving-fear-terror-OMG-NO-I-NEED-THAT even though it hasn't been touched in months.

So it seems NTFS File Auditing is the beast I need, but I've never used it before.

This is what I need to do: as time goes on, I want to query the file system for files that have NOT been accessed in the past month, year, and so on.

Can NTFS Audit do this?

Can someone point me toward a good website for NTFS Audit..?

Thanks.

Link to post
Share on other sites

You should try the command find.exe from the unix tool.

find.exe c:\windows -atime +365 -mtime +365

for example will list all files in c:\windows with access date and modified date older than 365 days.

Link to post
Share on other sites

Oh wow. I'll try that on Monday. That may be exactly what I need.

Are the default settings of the NTFS file system sufficient for this to work?

Does anything need to be set to activate the last-accessed metadata, or is that turned on by default..?

Do any "simple" actions like directory listings or the activity of shmedia.dll trigger an update of the last-accessed data?

Link to post
Share on other sites
Are the default settings of the NTFS file system sufficient for this to work?
Yes of course unless you disabled it.
Does anything need to be set to activate the last-accessed metadata, or is that turned on by default..?
Nothing need to be activated. The last access setting might not be accurate on some system and environment.
Do any "simple" actions like directory listings or the activity of shmedia.dll trigger an update of the last-accessed data?
Directory listing shouldn't and i don't know for shmedia.dll.
Link to post
Share on other sites

.... because all I get is the deer-in-headlights look, ...

Very nice and descriptive! :thumbup

I often happen to provoke that, and didn't know how to call it! :whistle:

DeerInHeadlights_2.jpg

jaclaz

Link to post
Share on other sites

HA!!!!

Jaclaz, That's exactly the look I get..!!! :lol:

Allen, thank you! That Unix find.exe is working perfectly. I've just been playing with the -atime, -mtime, and -ctime and getting various results which i should be able to modify to my needs :thumbup

Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...