On Windows Server 2003 someone has deleted the Security and Application logs.
I would like to know when the logs have been deleted and if possible who this criminal is. 🙂
loggingwindows-server-2003
On Windows Server 2003 someone has deleted the Security and Application logs.
I would like to know when the logs have been deleted and if possible who this criminal is. 🙂
Best Answer
In Windows 2003, when the Security log is cleared a new event is automatically written to it that contains the information you're looking for.
Example:
More info from Microsoft
Beyond that, you'd have to have object auditing policies already in place and configured to have any chance of having additional logs of actions taken by users of the system.