How to know who deleted the file

Working in the office when all the computers are connected in one network when folders and files have access to other employees of the company, the risk of one day not finding the file, folder, or document. And then the question arises: where did he go, who would remove it? Is it possible to get information about who deleted a file from your computer? It is possible, you only need to enable auditing of access to files and folders.

How to know who deleted the file
How to watch last action on the computer
How to track user actions
How to watch network activity

You will need

Personal computer, access as administrator

Instruction

For this you need to go to "start menu" and click on the option "control Panel". In the opened window choose the option "Performance and maintenance" in Windows 7, choose "System and security". Click on the tab labeled "Administration" and open it by double clicking the left mouse button. In the opened window, select "Local security policy". If the window does not open when you double-click the left mouse button, then right click and open the entrance as administrator. In the new window click on the folder "Local policies" and then choose the folder "audit Policy". Left to do click on "Audit object access".

In the dialog that appears, check either the option "Success" (it will keep track of all successful attempts to open the file), or "Failure" (this option allows you to track unsuccessful attempts). To track all attempts to access files you need to install two check boxes. The last step – press the "OK"button.

After the establishment of the audit in the "Properties" of the folder, the operations on which you wish to monitor in the "Security" section click the icon "Advanced", select "Audit" and in the opened window, click on the word "Advanced" and enter the name of the user or user group whose actions with this folder will be monitored. You can select different user lists. It is also worth noting that these settings you can always change, following the same operation principle. Now you will always know who has worked with filesand and by whose negligence they were gone. This feature is useful for people who work in different companies for computers.

Is the advice useful?