Unless you had some auditing setup (file system or registry) prior there probably isn't a way.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We have a system DSN ODBC data source on a Windows Server 2012 R2 Standard server that was deleted. How can I determine who deleted the data source?
Unless you had some auditing setup (file system or registry) prior there probably isn't a way.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Hi,
Thanks for posting on our forum!
Yes, I agree with what @Anonymous said, you need to give us more details about your storage settings. If you haven't configured any audit policy for files and folders, you should configure it right now. Then you will see event log entry's for file deletion and so on. You need to be careful when setting "auditing". If you go over the top it can put a considerable overhead on the server. Here are some articles you can follow:
Configuring Audit Policies
Advanced Security Audit Policy Step-by-Step Guide
If you have already configured audit policy for your files and folders, you can go to run cmd command regedit to check if you use registry key, for instance. Then you can go to %SystemRoot%\System32\winevt to find out event log entry's for file deletion and so on.
Thanks for your support!
BR,
Joan
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Thanks for posting on our forum!
Yes, I agree with what @Anonymous said, you need to give us more details about your storage settings. If you haven't configured any audit policy for files and folders, you should configure it right now. Then you will see event log entry's for file deletion and so on. You need to be careful when setting "auditing". If you go over the top it can put a considerable overhead on the server. Here are some articles you can follow:
Configuring Audit Policies
Advanced Security Audit Policy Step-by-Step Guide
If you have already configured audit policy for your files and folders, you can go to run cmd command regedit to check if you use registry key, for instance. Then you can go to %SystemRoot%\System32\winevt to find out event log entry's for file deletion and so on.
Thanks for your support!
BR,
Joan
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Just checking if there's any progress or updates?
--please don't forget to upvote
and Accept as answer
if the reply is helpful--