3

Small law firm, SBS 2011. On this server each case gets a folder, for 2012 from folder "1-2012" to "876-2012" and for 2013 "1-2013" to "555-2013" until today. A path to a folder looks like "\\SBS2011\folder\subfolder\2012\123-2012".

Once in a while one of these folders (e.g. "123-2012") vanishes, because someone moves it accidentally into another folder (e.g. into "497-2013"). I've no idea how people manage to move a folder without realising it, but it's a fact.

It is really difficult to locate the moved folder; there are thousands of places where it could have been moved to.

We cannot limit the rights of our employees: they have to create new folders and put files into them. And they need to delete folders as well.

My idea is to have a small daemon running on the SBS, which simply writes a single line into a log file every time a folder "\\SBS2011\folder\subfolder*" gets moved or deleted, like:

16/08/2013 13:45 user "KD" "old path to folder" "new path to folder"

or simply says that a certain folder has been deleted.

Can anybody give me a hint on how to proceed? Our IT-Helpdesk makes shadow copies and what the heck, but failed to come up with a good solution.

Am I wrong? Are there no daemons under Windows?

Oliver Salzburg
Keks Dose
  • Interesting issue and one I'm guilty of doing (I just for unknown reasons press the left mouse button randomly when moving the mouse)! I assume that you don't know the name of the moved folder, so you can't just search for it? Sounds like you need to take this right away from staff but provide a system which means they have to create/delete via some software (which will automatically create the logging for you)? – Dave Aug 16 '13 at 12:17
  • I know the name of the folder exactly, e.g. "123-2013", but a search in Windows Explorer takes many hours, because most of the main folders include many subfolders ("\123-2013\register", "\123-2013\drafts" and so on). A legal due diligence produces a mountain of data :-( – Keks Dose Aug 16 '13 at 13:20

2 Answers

2

As far as searching is concerned, I suggest using the free Everything search engine to instantly find folders and files.

This product reads the NTFS journal file which contains all file and folder renames and moves. It can be set to start with Windows and so be always available and up-to-date. It can index disks holding millions of files. Its search is so quick that it refines the search-result for each character that you type. It also installs a shell-hook in Windows Explorer to limit the search to a sub-folder.

For intercepting changes to disk files, the NTFS USN Journal can be used directly by yourself, although some programming is required.

See the article Using the NTFS journal for backups for a discussion of how to use the Journal API.

An example of a C++ program that dumps the USN Journal can be found in the article Win32 NTFS Journal Dump.

harrymc
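The following added example (not from the answer above or its linked articles) parses USN_RECORD_V2 structures and pairs the old-name/new-name rename records the journal writes when a folder is moved. The helper names, sample records and reference numbers are constructed; reading the live journal with FSCTL_READ_USN_JOURNAL and resolving parent reference numbers to paths are assumed to happen elsewhere.

```python
import struct
from datetime import datetime, timedelta, timezone
# USN_REASON_* and FILE_ATTRIBUTE_DIRECTORY values from the Windows SDK headers
RENAME_OLD, RENAME_NEW, FILE_DELETE, CLOSE, DIRECTORY = 0x1000, 0x2000, 0x200, 0x80000000, 0x10
HEADER = struct.Struct("<IHHQQqqIIIIHH")  # fixed 60-byte part of USN_RECORD_V2
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def parse_records(buf):
    """Yield one dict per USN_RECORD_V2 found in a buffer of back-to-back records."""
    pos = 0
    while pos + HEADER.size <= len(buf):
        (length, major, _minor, frn, parent, _usn, ts, reason, _src, _sid,
         attrs, name_len, name_off) = HEADER.unpack_from(buf, pos)
        if length < HEADER.size or pos + length > len(buf):
            break  # zero padding or a truncated record: stop rather than loop forever
        if major == 2:
            name = buf[pos + name_off:pos + name_off + name_len].decode("utf-16-le")
            yield dict(frn=frn, parent=parent, reason=reason, name=name,
                       when=EPOCH + timedelta(microseconds=ts // 10), is_dir=bool(attrs & DIRECTORY))
        pos += length

def folder_events(records):
    """Pair old-name/new-name records by file reference number; also report deletes."""
    pending, events = {}, []
    for r in records:
        if not r["is_dir"]:
            continue
        if r["reason"] & RENAME_OLD:
            pending[r["frn"]] = r
        elif r["reason"] & RENAME_NEW and r["frn"] in pending:
            old = pending.pop(r["frn"])
            kind = "moved" if old["parent"] != r["parent"] else "renamed"
            events.append((kind, r["when"], old["name"], old["parent"], r["name"], r["parent"]))
        elif r["reason"] & FILE_DELETE:
            events.append(("deleted", r["when"], r["name"], r["parent"], None, None))
    return events

def make_record(frn, parent, usn, reason, name, attrs=DIRECTORY):
    # Builds one constructed record, padded to 8 bytes like the real ones
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7
    head = HEADER.pack(length, 2, 0, frn, parent, usn, 130211343000000000,
                       reason, 0, 0, attrs, len(raw), HEADER.size)
    return (head + raw).ljust(length, b"\0")

# Constructed sample: 123-2012 moved from parent 0x20 into 0x31, then 124-2012 deleted
SAMPLE = (make_record(0x10, 0x20, 100, RENAME_OLD, "123-2012")
          + make_record(0x10, 0x31, 180, RENAME_NEW, "123-2012")
          + make_record(0x10, 0x31, 260, RENAME_NEW | CLOSE, "123-2012")
          + make_record(0x11, 0x20, 340, FILE_DELETE | CLOSE, "124-2012"))
```

USN records carry no user name, so attributing a move to an account needs a separate source such as file-system auditing.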
1

This can be done really simply in C# with the FileSystemWatcher class.

Look at this: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx

There is an example which suits your needs perfectly. You only have to change the console output to a log file and eventually implement it as a Windows service.

donothingloop