Windows 7 Forums



Windows 7: Recording Share History

08 Nov 2010   #1
brandon22

Windows 7 64-bit
 
 
Recording Share History

Is there a way to create a log that records any activity when someone (including network Admin) accesses or at least tries to access a shared folder or drive on your computer? It would be nice to be able to log all the activity that takes place with Shared folders and any possible Remote Desktop connection that takes place without my knowledge.


08 Nov 2010   #2
Kari

Microsoft Community Contributor Award Recipient

 

This is possible using Windows 7 built-in Group Policy Editor, included in Seven Professional, Ultimate and Enterprise editions. There are also several third party alternatives, for instance ShareAlarmPro.





Here's how to audit network access:
  1. Open Group Policy Editor by typing gpedit.msc into the Start menu's search field or the Run dialog window and hitting Enter
  2. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy, double-click to open Audit Object Access
  3. Check both options (Success and Failure) under Audit these objects, click OK
  4. Close Group Policy Editor
  5. Open the Properties of a shared folder you want to audit, choose Security tab, click Advanced
  6. Choose Audit tab, click Continue
  7. Click Add, click Locations to choose from which location you want to audit, write the computer name and name of a user or group you want to audit, for instance PC-3\Administrators or XPPro-upstairs\Kari. Click Check names to "spellcheck", to check validity of your input
  8. Click OK to close Select User or Group dialog, click OK to close Advanced Security Settings, click OK to close Folder Properties

That's it. To read the audit log, open Event Viewer by typing Event Viewer into the Start menu's search field or the Run dialog window and hitting Enter. Go to Windows Logs > Security

Any further questions, don't hesitate to ask.

Kari

EDIT: I thought this is an important enough issue to make a tutorial. Please post all possible questions directly to the tutorial thread to keep it concentrated in one place. Tutorial is here: Audit (log) access to shared folders
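
The same audit setup done from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes a hypothetical folder path `C:\Shared`, reuses the post's example account `PC-3\Administrators`, and enables only the "File Share" and "File System" subcategories with `auditpol` rather than the whole Audit Object Access category the steps above switch on.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$Folder  = 'C:\Shared'            # hypothetical path of the shared folder
$Account = 'PC-3\Administrators'  # account to audit (one of the post's examples)

# Steps 1-4 equivalent: enable success and failure auditing for the
# Object Access subcategories that cover share and file access.
auditpol /set /subcategory:"File Share"  /success:enable /failure:enable
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Steps 5-8 equivalent: add an audit entry (SACL) for $Account on the folder,
# inherited by subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    $Account, $rights, $inherit, $prop, $flags
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Read the result from Windows Logs > Security.
# 5140: a network share was accessed; 4663: an object was accessed;
# 4656: a handle was requested (denied attempts are recorded here).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5140, 4663, 4656 } `
        -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event fields are named <Data> elements; not every event ID has every field.
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Result  = ($_.KeywordsDisplayNames -join ',')
            User    = $d['SubjectUserName']
            Source  = $d['IpAddress']
            Share   = $d['ShareName']
            Object  = $d['ObjectName']
        }
    } |
    Select-Object Time, Id, Result, User, Source, Share, Object |
    Format-Table -AutoSize
```

The Result column shows "Audit Success" or "Audit Failure", which separates completed accesses from denied attempts.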


08 Nov 2010   #3
brandon22

Windows 7 64-bit
 
 

Thanks for getting back to me Kari, I really do appreciate it!

When I go to the Properties of the shared folder I want to audit I get the following error...."This has been shared for administrative purposes. The share permissions and file security cannot be set." Are there any workarounds to this problem? I have Admin network access, so maybe you can point me in the right direction as to where I should look to correct this problem?

Up to this point whenever I log into Windows I basically go into the default Shares and select Stop Sharing. I've assumed this has kept out anybody who wants to access my computer but I can't be too sure.

08 Nov 2010   #4
Kari

Microsoft Community Contributor Award Recipient

 

I'm not sure but could this be so simple that you answered your own question? If share service is stopped, you can not set permissions.
08 Nov 2010   #5
brandon22

Windows 7 64-bit
 
 

I don't think I've stopped the Shared Service, just the default drives that pop up every time the machine is rebooted. Can the Sharing Service be stopped? If so, where?
08 Nov 2010   #6
Kari

Microsoft Community Contributor Award Recipient

 

To stop sharing:

[Screenshot: Stop_sharing.png]

Of course you have to do this for every enabled NIC, for instance if you have both LAN and WiFi connected at the same time, you have to stop sharing in both of them.

I misread your post, I thought you were talking about this feature. Anyway, logically thinking there could be something in this procedure of yours, first stop sharing by turning it manually off folder by folder, then when you try to change global sharing or security settings there is nothing to share i.e. nothing to change.

Kari


09 Nov 2010   #7
brandon22

Windows 7 64-bit
 
 

And simply by turning off the File and Print Sharing in the Properties, this eliminates someone connecting to your computer via Shared Folder or Remote Desktop?
09 Nov 2010   #8
Kari

Microsoft Community Contributor Award Recipient

 

Sharing, yes. Remote Desktop, no, it's here:

[Screenshot: Remote.png]

Kari


09 Nov 2010   #9
brandon22

Windows 7 64-bit
 
 

Here's what mine says. Any workarounds or things I can disable in the Group Policy to change this setting?


09 Nov 2010   #10
Kari

Microsoft Community Contributor Award Recipient

 

Here:

[Screenshots: firewall1.png, firewall2.png]



Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
