Since the situation describes an after the fact need, Windows auditing will do no good unless it had been configured. As others have pointed out certain applications such as MS Office have addition metadata available to answer the question if the files in question are Office files. If the need is great enough, a forensic review can be conducted.
MS Office files can have even more metadata than what is accessible to Windows Explorer with the right tools and knowledge. Another possibility is to restore previous versions from backups and check each version for who last edited with the metadata accessible to Windows Explorer. There may be other possibilities, but specifics such as file type and server configuration and backup configuration would be needed.
Auditing solutions will definitely help you with the future issues of such kind, but none of them will help you with the existing problem. What type of file is it? If it is a Microsoft Office file, then the owner of the file is changed every time the file is "saved" by a user.
That user becomes the owner. If you have "previous versions" enabled on the share, then you'll see all the change versions for that file for the last XX days 2 weeks by default?
Open each version, look for claimed changes in the doc as well as the "owner" of that specific version. Previous version snapshots are taken in the morning and at the end of the day. So if someone else has changed the file again, but before the snapshot was taken, then you will not be able to find the culprit. I've found that a software application called LANGuardian is an excellent solution for this. It grabs traffic off the wire and keeps an audit trail of file activity.
Also there are no agents or clients involved which made the process so much easier. It monitors and records every access to file shares, recording details of user name, client application, server name, event type, file name and data volume. The attached video tells you more about what you can do with LANGuardian in relation to file shares. Yes, digging into file versions stored in shadow copies if available can help in this particular situation, that's true.
My suggestion about auditing was more a long-term fix to prevent similar situations in the future. LANGuardian - yes, this might work, however keep in mind that it only captures network traffic and all changes done locally will not be captured in this particular situation may not be as important since the files are on the server access by clients.
Active Oldest Votes. Improve this answer. Marie Fischer Marie Fischer 1, 1 1 gold badge 13 13 silver badges 12 12 bronze badges. No, there is no reliable way to discover that. Yeah but no other tools to dig out? Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password.
Post as a guest Name. Python Javascript Linux Cheat sheet Contact. Find out username who modified file in C I cant remember where I found this code but its an alternative to using pInvoke which I think is a bit overkill for this task.
GetDirectoryName file ; Shell Shell ; Shell FolderItem2 item in objFolder. Append objFolder. Substring 0, result. See also How do I know what version of a package is installed Linux? Like this post? Please share to your friends:. Even though HyperTerminal is not a part of Windows 10, the Windows 10 operating. Move the mouse pointer to the lower left corner of the screen, right-click, and.
Do I need to reinstall Windows after replacing hard drive? This site uses cookies to store data. By continuing to use the site, you consent to the processing of these files.
0コメント