Gekko_uk Posted April 3, 2007

Hi,

I have a Dell 2900 server with RAID 5. This server runs WIN2k3 R2 fully updated and as domain/DC/DNS. We have a network drive that all users have read/write access to. Recently we have been finding folders going missing. Now this has been happening to all users on the network. I at first put this down to users deleting files... but today I witnessed it happening. A user created a new folder X and saved files into it. After around 3/4 hours they went to add another file to the folder and the folder had gone. If it stays long enough for the backup routine to run then we can copy it back from there onto the network drive. But I am at a loss as to why they disappear. Can anyone help? Anti Virus is disabled on the server, as is any scans etc.

Thanks
Andy
cluberti Posted April 3, 2007

Uninstall any backup and antivirus software (disabling does NOT disable their drivers running in kernel), and then run Process Monitor against the volume to see if you can "catch" a process deleting files. If the process is "SYSTEM", then you've got a problem.
annakin108 Posted April 3, 2007

Turn on auditing... I would start with a full audit. Then look at the logs, because depending on how many users you have they could overwrite. Also, if it is possible, I wouldn't have shares on DCs... but I don't know what your $$$ situation is.
Gekko_uk Posted April 4, 2007

Thanks for the suggestions guys.

In relation to the file audit, could you detail how I go about this?

On your point about not having file shares on a DC, does this not cause a problem when setting permissions on those drives/files if they are on a different server? Or do you mean using DFS?

Cheers
Gekko.
Gekko_uk Posted April 4, 2007

Right,

I used Google and I have turned it on... for the main directory (also turned it on in local policy). But in the event log it does not list file names, just the folder they have gone into.

Also, it does not log deletes, not that I can see. The event ID for deletes (564) does not show up; if someone deletes a folder it doesn't show up. I have selected full audit/all in the audit window.

Any ideas?

Cheers
Andy
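
On Windows Server 2003, event 564 records only a handle ID and process ID, so the name of the deleted object has to come from the event 560 that opened that handle. The sketch below is an added example, not part of any post in this thread, that pairs the two; the record layout, field names and sample values are constructed for illustration and are not a real export format.

```python
"""Pair 'object deleted' events with the 'object open' event that names the object."""

# Constructed sample records, oldest first. The dict layout is this example's
# own simplification (an assumption). IDs 560 / 562 / 564 are the Windows
# Server 2003 object-open, handle-closed and object-deleted events.
SAMPLE_EVENTS = [
    {"id": 560, "pid": 4, "handle": 0x1A4, "user": "jsmith",
     "object": r"D:\Shared\X"},
    {"id": 564, "pid": 4, "handle": 0x1A4},
    {"id": 562, "pid": 4, "handle": 0x1A4},
    # The same handle value is reused later for a different folder.
    {"id": 560, "pid": 4, "handle": 0x1A4, "user": "akhan",
     "object": r"D:\Shared\Y"},
    {"id": 562, "pid": 4, "handle": 0x1A4},
    # A delete whose open was never logged (e.g. no audit entry on the folder).
    {"id": 564, "pid": 1520, "handle": 0x2B0},
]


def correlate_deletes(events):
    """Return one finding per 564 event, with the object name and user taken
    from the still-open 560 that shares its (process ID, handle ID)."""
    open_handles = {}  # (pid, handle) -> the 560 record that opened it
    findings = []
    for ev in events:
        key = (ev["pid"], ev["handle"])
        if ev["id"] == 560:
            open_handles[key] = ev
        elif ev["id"] == 562:
            # Handle closed: drop it so a reused handle value cannot be
            # matched against a stale object name.
            open_handles.pop(key, None)
        elif ev["id"] == 564:
            opened = open_handles.get(key, {})
            findings.append({
                "object": opened.get("object"),  # None = open was not logged
                "user": opened.get("user"),
                "pid": ev["pid"],
            })
    return findings


if __name__ == "__main__":
    for finding in correlate_deletes(SAMPLE_EVENTS):
        print(finding)
```

A finding whose object is None means the delete was logged but the matching open was not, which points at the audit entries on the folder rather than at the audit policy.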