Recently, strange things have been occurring on our system, so today I decided to check my event logs and found they had been cleaned.
How is this possible? Is there a way that a user could delete these files? Wouldn't access be denied, since the files are in use?
Btw, the machine is in a locked room and hasn't been rebooted. I am puzzled, and any help would be GREATLY appreciated.
Carl

Carl,
Do you have a security team for your network? One of the things a vandal (hacker, blackhat, etc.) usually does is wipe your event logs after they have been in the system. If this occurs more often, you may want to call in a security analyst and have your network analyzed for security loopholes.
I don't want to get you riled up, but it's not uncommon. Another thing you may want to check is to sit down at a workstation running NT, pull up Event Viewer, and try to connect to the server to see if "you" can do it from an outside machine. If so, you may need to revise your permissions, as an advanced coworker could have been in there and erased it.
Of course, it could just be one of those things!
Oh... and just in case someone has gained access to your server... you will probably want to reboot it to make sure they are out.
Good Luck,
-Mike

Thanks Mike,
We are in the process of hiring a system administrator, but until then, guess who gets the job? They think as the web designer, I would be most qualified.
Anyways, what's weird is that it is the only machine running NT (all the others are win98). I tried getting on a win98 machine and managed to get access to the system, application and security files through DOS, but was unable to copy, delete, etc. It would say access denied, files are in use. I am guessing someone found a way around this.
I wonder how they did this. Oh well, I am learning a lot to say the least.
Carl
