Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Recording Share History


08 Nov 2010   #1

Windows 7 64-bit
 
 
Recording Share History

Is there a way to create a log that records any activity when someone (including network Admin) accesses or at least tries to access a shared folder or drive on your computer? It would be nice to be able to log all the activity that takes places with Shared folders and any possible Remote Desktop connection that takes place without my knowledge.


My System SpecsSystem Spec
.

08 Nov 2010   #2

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

This is possible using Windows 7 built-in Group Policy Editor, included in Seven Professional, Ultimate and Enterprise editions. There are also several third party alternatives, for instance ShareAlarmPro.





Here's how to audit network access:
  1. Open Group Policy Editor by typing gpedit.msc to Start menu's search field or Run dialog window and hit Enter
    .
  2. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies Audit Policy, double click to open Audit Object Access

    Recording Share History-audit_1.png
    .
  3. Check both options (Success and Failure) under Audit these objects, click OK

    Name:  audit_2.png
Views: 4
Size:  34.4 KB
    .
  4. Close Group Policy Editor
    .
  5. Open the Properties of a shared folder you want to audit, choose Security tab, click Advanced

    Name:  audit_3.png
Views: 2
Size:  44.1 KB
    .
  6. Choose Audit tab, click Continue

    Name:  audit_4.png
Views: 2
Size:  50.3 KB
    .
  7. Click Add, click Locations to choose from which location you want to audit, write the computer name and name of a user or group you want to audit, for instance PC-3\Administrators or XPPro-upstairs\Kari. Click Check names to "spellcheck", to check validity of your input

    Name:  audit_5.png
Views: 7
Size:  82.4 KB
    .
  8. Click OK to close Select User or Group dialog, click OK to close Advanced Security Settings, click OK to close Folder Properties
That's it. To read audit log, open Event Viewer by typing Event Viewer to Start menu's search field or Run dialog window and hit Enter. Go to Windows Logs > Security

Recording Share History-audit_6.png

Any further questions, don't hesitate to ask.

Kari

EDIT: I thought this is an important enough issue to make a tutorial. Please post all possible questions directly to the tutorial thread to keep it concentrated in a place. Tutorial is here: Audit (log) access to shared folders


My System SpecsSystem Spec
08 Nov 2010   #3

Windows 7 64-bit
 
 

Thanks for getting back to me Kari, I really do appreciate it!

When I go to the Properties of the shared folder I want to audit I get the following error...."This has been shared for administrative purposes. The share permissions and file security cannot be set." Are there any workarounds to this problem? I have Admin network access, so maybe you can point me in the right direction as to where I should look to correct this problem?

Up to this point whenever I log into Windows I basically go into the default Shares and select Stop Sharing. Iíve assumed this has kept out anybody who wants to access my computer but I canít be too sure.
My System SpecsSystem Spec
.


08 Nov 2010   #4

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

I'm not sure but could this be so simple that you answered your own question? If share service is stopped, you can not set permissions.
My System SpecsSystem Spec
08 Nov 2010   #5

Windows 7 64-bit
 
 

I donít think Iíve stopped the Shared Service, just the default drives that pop up every time the machine is rebooted. Can the Sharing Service be stopped? If so, where?
My System SpecsSystem Spec
08 Nov 2010   #6

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

To stop sharing:

Name:  Stop_sharing.png
Views: 2
Size:  31.0 KB

Of course you have to do this for every enabled NIC, for instance if you have both LAN and WiFi connected at the same time, you have to stop sharing in both of them.

I misread your post, I tought you were talking about this feature. Anyway, logically thinking there could be something in this procedure of yours, first stop sharing by turning it manually off folder by folder, then when you try to change global sharing or security settings there is nothing to share i.e. nothing to change.

Kari


My System SpecsSystem Spec
09 Nov 2010   #7

Windows 7 64-bit
 
 

And simply by turning off the File and Print Sharing in the Properties, this eliminates someone connecting to your computer via Shared Folder or Remote Desktop?
My System SpecsSystem Spec
09 Nov 2010   #8

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

Sharing, yes. Remote Desktop, no, it's here:

Name:  Remote.png
Views: 0
Size:  47.0 KB

Kari


My System SpecsSystem Spec
09 Nov 2010   #9

Windows 7 64-bit
 
 

Here's what mean says. Any work arounds or things I can disable in the Group Policy to change this setting?


Attached Images
 
My System SpecsSystem Spec
09 Nov 2010   #10

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

Here:

Recording Share History-firewall1.png

Recording Share History-firewall2.png


My System SpecsSystem Spec
Reply

 Recording Share History




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:53 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33