Copy files from network drive

Posted on 2010-01-08
Medium Priority
Last Modified: 2013-12-04
How can I find out who is moving files from a folder on our network share drive? We have a folder on the network share drive. Some files will disappeared every one min.

Question by:rowfei

Expert Comment

ID: 26211625

First of all you can set this folder read-only
Second - I'm not sure whether standard windows tools allowing network logging, however you always can review opened network sessions by clicking right mouse button to the my computer, then manage, then shared folders there you can review the list of the shares, the list of current network sessions, the list of currently opened files.

Good luck
LVL 11

Expert Comment

ID: 26278570
If you have an Active Directory Domain you can enable GPO directive to audit tha access to objects (folders and files). That will log entries on the security log of the server.

Expert Comment

ID: 26330301
Even if no AD is implemented still you can monitor by analysing SECURITY event logs on server.

First enable following GP settings.
local comp policy > computer configuration  > windows setting > security setting > local policies > audit policies > AUDIT Obeject Access
Values should be selected for both SUCCESS, Failure

This will enable logging for all kind of object access on server. Then start analysing the security logs.
you will sure find the logs for moving files.

Success audit is not recommended as his will generate hugh logs & you need to clear logs frequently
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Expert Comment

ID: 26344145
Is it really every 1 minute?

If so, that suggests something doing it automatically, like a script, over a person moving the files off.

You can use the suggestions above, but if you want to know where they ended up, I suggest using some inventory software.  You can google for some freeware type stuff, or even just write your own script using tools like psinfo.  Might take awhile, but it can be worthwhile.


Accepted Solution

Anil1979 earned 2000 total points
ID: 26350187
Use following steps to find out who is deleting files.
1) Open event viewer > security  events > sort logs by catagories > look on OBJECT ACCESS catagory enteries.
2) Open any entry by double clicking. This will give you complete info like object accessed, user name, activity date/time.

I have pasted one screenshot if you need some idea.
Anil Kumar

Expert Comment

ID: 26350238
if you find this helpful kindly provide feedback.

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question