logging changes to network folders in windows network

[bluegreenturtle]

This may be sort of a dumb question; but: is there a way to track changes (deletions, creations, etc) to all network folders in a windows domain? Including other servers (not just the domain controller) in the network? My company wants to figure out who the hell keeps deleting this one folder over and over on a server. (And yes, I do know how to put in security so they can't, but I still want to see the logs).

Thanks.

 

[kzrssk]

Auditing. Put all your servers in one OU or OU branch, then set a group policy on that OU to enable the "Audit object access" policy. On the folder you want to audit, open up the advanced security properties and audit Successes on Delete and Delete All Child Objects privileges. Wait until folder is deleted. Use some sort of event log aggregating utility (the only one I've ever heard of is Event Correlater) to pull all the audit logs. It'll take a lot of reading through log entries, but there ya go.