If you gave them a login then you gave them the all clear for all files you handed over the permissions to. Let's remember that good security starts with permissions.
If you didn't hand me the permission to delete, then I can't. If your IT staff didn't lock it down then expect files to go missing.
-> More about this and event logging. The OSes you listed all have the Event Viewer. Now all you need to add is the events for file deletions. Here's how -> http://infosec.ufl.edu/itsa/nt-jodi.ppt
"My question...is there some kind of login program that could 'silently' record all authorized/unauthorized access to a machine and the users' actions so that we could catch who is erasing the security log files?"
If they are in Windows at the time, yes.
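An added example, not part of the reply above: once deletion auditing is on and Security events are copied to another machine before anyone can clear them, a short script can tie each log clear to the account that did it and to what that account deleted just before. The CSV layout, account names and paths are constructed for illustration; the event IDs are the standard Windows Security ones (517/1102 for a cleared audit log, 564/4660 for an audited object deletion).

```python
import csv
import io
from datetime import datetime, timedelta

# Audit log cleared: 517 on NT/2000/XP/2003, 1102 on later Windows.
# Audited object deleted: 564 on 2003-era systems, 4660 on later Windows.
LOG_CLEARED = {517, 1102}
OBJECT_DELETED = {564, 4660}

# Constructed sample: Security events exported to CSV on a separate collector.
# Column names, accounts and paths are assumptions made for this example.
SAMPLE = """time,event_id,user,computer,detail
2005-03-01 09:12:04,528,LAB\\jsmith,LAB3-WS07,Logon type 2
2005-03-01 09:14:40,564,LAB\\jsmith,LAB3-WS07,C:\\WINDOWS\\system32\\example.dll
2005-03-01 09:15:02,517,LAB\\jsmith,LAB3-WS07,The audit log was cleared
2005-03-01 10:01:13,564,LAB\\akhan,LAB3-WS09,C:\\Temp\\scratch.tmp
"""


def find_tampering(csv_text, window=timedelta(minutes=15)):
    """Return one finding per log-clear event, listing objects the same
    account deleted on the same computer within the preceding window."""
    rows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        r["time"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
        r["event_id"] = int(r["event_id"])
        rows.append(r)
    rows.sort(key=lambda r: r["time"])

    findings = []
    for clear in (r for r in rows if r["event_id"] in LOG_CLEARED):
        deleted = [r["detail"] for r in rows
                   if r["event_id"] in OBJECT_DELETED
                   and r["user"] == clear["user"]
                   and r["computer"] == clear["computer"]
                   and timedelta(0) <= clear["time"] - r["time"] <= window]
        findings.append({"time": clear["time"], "user": clear["user"],
                         "computer": clear["computer"],
                         "deleted_before": deleted})
    return findings


if __name__ == "__main__":
    for finding in find_tampering(SAMPLE):
        print(finding)
```

The deletion records only survive a local clear if they were already forwarded; the log-cleared event itself is written to the fresh log and names the account that cleared it.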
I work as a network tech @ a college. This college has a physical topology consisting of a campus backbone with many LANs (instructional labs). Most LANs are running winXP on the workstations and either winNT 4 or 2K on the servers. A few LANs are running 2003.
Several months ago, several LANs started experiencing important files, including system files, disappearing from their workstations and/or servers and the 'security log files' for the date and time in question have all mysteriously been deleted. Many machines have had to be reimaged from backups to ensure integrity. Some have speculated that the intrusions were most likely done by those with physical access to the machines.
The LAN that I work with is running win2003 server and winXP on the workstations. To our knowledge, we have not been hit yet.
My question...is there some kind of login program that could 'silently' record all authorized/unauthorized access to a machine and the users' actions so that we could catch who is erasing the security log files?