Jump to content

Files Keep going missing....

Gekko_uk

By Gekko_uk
in Windows 2000/2003/NT4

 Share

Recommended Posts

Gekko_uk

Gekko_uk

Posted
Posted

Hi,

I have a dell 2900 Server with Raid 5.

This server runs WIN2k3 R2 fully updated and as domain/dc/dns.

We have a network drive that all users have read/write access to.

Recently we have been finding folders going missing.

Now this has been happening to all users on the network.

I at first put this down to users deleting files... but today I witnessed it happening.

A user created a new folder X and saved files into it.

After around 3/4 hours they went to add another file to the folder and the folder had gone.

If it stays long enough for the backup routine to run then we can copy it back from there onto the network drive.

But I am at a loss as to why they disapear.

Can anyone help?

Anti Virus is disabled on server as is any scans etc.

Thanks

Andy

Link to comment
Share on other sites

cluberti

cluberti

Posted
Posted

Uninstall any backup and antivirus software (disabling does NOT disable their drivers running in kernel), and then run process monitor against the volume to see if you can "catch" a process deleting files. If the process is "SYSTEM", then you've got a problem :).

Link to comment
Share on other sites
annakin108

annakin108

Posted
Posted

Turn on auditing .... I would start with a full audit. Then look at the logs because depending on how many users you have they could overwrite.

Also, If it is possible I wouldn't have shares on DC's.... but I don't know what you $$$ situation is.

Link to comment
Share on other sites
Gekko_uk

Gekko_uk

Posted
  • Author
Posted

Thanks for the suggestions guys.

In relation to the File Audit, could you detail how I go about this?

On your point about not having file shares on a DC, does this not cause a problem when setting permissions on those drives/files if they are on a different server?

Or do you mean using DFS?

Cheers

Gekko.

Link to comment
Share on other sites
Gekko_uk

Gekko_uk

Posted
  • Author
Posted

Right,

I used google and I have turned it on... for the main directory (also turned it on in local policy).

But in the event log it does not list file names. just the folder they have went into.

Also,

It does not log deletes. - not that I can see.

The event ID for deletes (564) does not show up if someone deletes a folder it dosent show up.

I have selected full audit/all in the audit window.

Any ideas.

Cheers

Andy

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...