Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Recording Share History

08 Nov 2010   #1
brandon22

Windows 7 64-bit
 
 
Recording Share History

Is there a way to create a log that records any activity when someone (including network Admin) accesses or at least tries to access a shared folder or drive on your computer? It would be nice to be able to log all the activity that takes places with Shared folders and any possible Remote Desktop connection that takes place without my knowledge.


My System SpecsSystem Spec
.
08 Nov 2010   #2
Kari

Microsoft Community Contributor Award Recipient

 

This is possible using Windows 7 built-in Group Policy Editor, included in Seven Professional, Ultimate and Enterprise editions. There are also several third party alternatives, for instance ShareAlarmPro.





Here's how to audit network access:
  1. Open Group Policy Editor by typing gpedit.msc to Start menu's search field or Run dialog window and hit Enter
    .
  2. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies Audit Policy, double click to open Audit Object Access

    Recording Share History-audit_1.png
    .
  3. Check both options (Success and Failure) under Audit these objects, click OK

    Recording Share History-audit_2.png
    .
  4. Close Group Policy Editor
    .
  5. Open the Properties of a shared folder you want to audit, choose Security tab, click Advanced

    Recording Share History-audit_3.png
    .
  6. Choose Audit tab, click Continue

    Recording Share History-audit_4.png
    .
  7. Click Add, click Locations to choose from which location you want to audit, write the computer name and name of a user or group you want to audit, for instance PC-3\Administrators or XPPro-upstairs\Kari. Click Check names to "spellcheck", to check validity of your input

    Recording Share History-audit_5.png
    .
  8. Click OK to close Select User or Group dialog, click OK to close Advanced Security Settings, click OK to close Folder Properties
That's it. To read audit log, open Event Viewer by typing Event Viewer to Start menu's search field or Run dialog window and hit Enter. Go to Windows Logs > Security

Recording Share History-audit_6.png

Any further questions, don't hesitate to ask.

Kari

EDIT: I thought this is an important enough issue to make a tutorial. Please post all possible questions directly to the tutorial thread to keep it concentrated in a place. Tutorial is here: Audit (log) access to shared folders


My System SpecsSystem Spec
08 Nov 2010   #3
brandon22

Windows 7 64-bit
 
 

Thanks for getting back to me Kari, I really do appreciate it!

When I go to the Properties of the shared folder I want to audit I get the following error...."This has been shared for administrative purposes. The share permissions and file security cannot be set." Are there any workarounds to this problem? I have Admin network access, so maybe you can point me in the right direction as to where I should look to correct this problem?

Up to this point whenever I log into Windows I basically go into the default Shares and select Stop Sharing. Iíve assumed this has kept out anybody who wants to access my computer but I canít be too sure.
My System SpecsSystem Spec
.

08 Nov 2010   #4
Kari

Microsoft Community Contributor Award Recipient

 

I'm not sure but could this be so simple that you answered your own question? If share service is stopped, you can not set permissions.
My System SpecsSystem Spec
08 Nov 2010   #5
brandon22

Windows 7 64-bit
 
 

I donít think Iíve stopped the Shared Service, just the default drives that pop up every time the machine is rebooted. Can the Sharing Service be stopped? If so, where?
My System SpecsSystem Spec
08 Nov 2010   #6
Kari

Microsoft Community Contributor Award Recipient

 

To stop sharing:

Recording Share History-stop_sharing.png

Of course you have to do this for every enabled NIC, for instance if you have both LAN and WiFi connected at the same time, you have to stop sharing in both of them.

I misread your post, I tought you were talking about this feature. Anyway, logically thinking there could be something in this procedure of yours, first stop sharing by turning it manually off folder by folder, then when you try to change global sharing or security settings there is nothing to share i.e. nothing to change.

Kari


My System SpecsSystem Spec
09 Nov 2010   #7
brandon22

Windows 7 64-bit
 
 

And simply by turning off the File and Print Sharing in the Properties, this eliminates someone connecting to your computer via Shared Folder or Remote Desktop?
My System SpecsSystem Spec
09 Nov 2010   #8
Kari

Microsoft Community Contributor Award Recipient

 

Sharing, yes. Remote Desktop, no, it's here:

Recording Share History-remote.png

Kari


My System SpecsSystem Spec
09 Nov 2010   #9
brandon22

Windows 7 64-bit
 
 

Here's what mean says. Any work arounds or things I can disable in the Group Policy to change this setting?


Attached Images
Recording Share History-screen_shot.png 
My System SpecsSystem Spec
09 Nov 2010   #10
Kari

Microsoft Community Contributor Award Recipient

 

Here:

Recording Share History-firewall1.png

Recording Share History-firewall2.png


My System SpecsSystem Spec
Reply

 Recording Share History




Thread Tools




Similar help and support threads
Thread Forum
Clearing WMC recording history
--I'm posting this here as well, as I didn't see the Media Center sub-forum. Sorry!-- Hi everyone! I'm new here, and hopefully aren't asking a previously answered question. I did run a search, but no luck. I've been running WMC for several years, with no serious problems. Just recently, I...
Media Center
Clearing WMC recording history - Will programs be recorded again?
Hi everyone! I'm new here, and hopefully aren't asking a previously answered question. I did run a search, but no luck. I've been running WMC for several years, with no serious problems. Just recently, I noticed that one particular series that I have scheduled to record had original air dates...
Music, Pictures & Video
path name to a network share? for WMC recording to another PC
What is the exact format? I want to change the default recording path from this local folder to a network share in the WMC registry entry. My idea is to have WMC record onto a remote PC across the gigabit LAN. ...
Network & Sharing
How do I restore deleted history in IE8? (I copied the history folder)
Hello, So my ie8 got buggy with its history, to solve this I went to Tools->internet options-> delete history. This solved the bugs. Now prior to my deletion, I went to C:\->Users->{user name}->app data->local->Microsoft and copied the folder named History (60+ megs). I pasted it on...
Browsers & Mail
IE9 not recording history
IE9 has stopped recording my internet browsing history. Instead it only records my computer document history, like any saved pictures I open or any documents I open. Does anyone know why its done that and how I can put it right?
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:20.
Twitter Facebook Google+