Forum

Ultimate Windows Security Forum » Security Log » 4660 - An object was deleted » Event Id 4660 not logged for deleting Share...

Event Id 4660 not logged for deleting Share... Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
randomgood
Posted 7/20/2016 5:26:31 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 8/21/2016 2:10:19 PM
Posts: 2, Visits: 7
Hi. I am trying to identify deleted files. If I delete a file in network share (in windows 2012 r2), 4660 is not generated.
Normal file deletion is logging 4660. But deleting shared file does not generate the same event.
The event is generated well in windows server 2008.

Is there any alternate event in windows server 2012 r2?
Post #6235
derekthomas
Posted 7/24/2016 3:21:38 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 223, Visits: 0
Take a look at event ID 4663 and look for any "Delete" accesses.
Post #6242
randomgood
Posted 8/10/2016 1:08:32 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 8/21/2016 2:10:19 PM
Posts: 2, Visits: 7
Hi,
But after deletion 4663 is also not available. (This happens only for network share deletion)
Post #6247
derekthomas
Posted 8/16/2016 8:36:12 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 223, Visits: 0
Ensure that proper logging is enabled as outlined here: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4663.
Post #6253
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 5:24am