How to find out who ran the TFS Destroy Command?

About

Asked 7/2, 2012 at 22:30 Answered 7/2, 2012 at 23:8

I have reason to believe that the TFS Destroy command was run on my server. Does TFS provide a way to find out who and when it was done?

Hauge answered 7/2, 2012 at 22:30 Comment(0)

TFS logs all user-initiated commands in the database for 14 days.

Try connect to your Tfs_Collection database and run the following query:

SELECT * FROM tbl_Command WITH (NOLOCK)
WHERE Command = 'Destroy'

Additionally, any time a Destroy command is run, an event is logged to the Application Event Log on the Application Tier that processed the command.

Lynnett answered 7/2, 2012 at 23:8 Comment(3)

Martin Woodward's not lying when he says there's nothing you don't know :D – Quota 7/2, 2012 at 23:10

Excellent answer, I thought there would be a way to get this from the database. It's a shame it's not recorded in the source control history though. – Munificent 8/2, 2012 at 0:3

This gave me exactly the information I was looking for. Thank you so much! – Hauge 8/2, 2012 at 15:9

I guess this is related to your earlier question. I don't think TFS provides an easy way (or any way) to do this. You can however narrow down the list of suspects, only users in the "project administrator" or "project collection administrator" groups have permissions to do a destroy. Contributors will get an error message if they run tf destroy. It does seem a bit of an oversight that this action isn't audited so hopefully someone will add an answer that allows you to get to the bottom of this.

Munificent answered 7/2, 2012 at 23:4 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags