Copy files from network drive

Posted on 2010-01-08
Last Modified: 2013-12-04
How can I find out who is moving files from a folder on our network share drive? We have a folder on the network share drive. Some files will disappeared every one min.

Question by:rowfei
    LVL 2

    Expert Comment


    First of all you can set this folder read-only
    Second - I'm not sure whether standard windows tools allowing network logging, however you always can review opened network sessions by clicking right mouse button to the my computer, then manage, then shared folders there you can review the list of the shares, the list of current network sessions, the list of currently opened files.

    Good luck
    LVL 11

    Expert Comment

    If you have an Active Directory Domain you can enable GPO directive to audit tha access to objects (folders and files). That will log entries on the security log of the server.
    LVL 1

    Expert Comment

    Even if no AD is implemented still you can monitor by analysing SECURITY event logs on server.

    First enable following GP settings.
    local comp policy > computer configuration  > windows setting > security setting > local policies > audit policies > AUDIT Obeject Access
    Values should be selected for both SUCCESS, Failure

    This will enable logging for all kind of object access on server. Then start analysing the security logs.
    you will sure find the logs for moving files.

    Success audit is not recommended as his will generate hugh logs & you need to clear logs frequently
    LVL 2

    Expert Comment

    Is it really every 1 minute?

    If so, that suggests something doing it automatically, like a script, over a person moving the files off.

    You can use the suggestions above, but if you want to know where they ended up, I suggest using some inventory software.  You can google for some freeware type stuff, or even just write your own script using tools like psinfo.  Might take awhile, but it can be worthwhile.

    LVL 1

    Accepted Solution

    Use following steps to find out who is deleting files.
    1) Open event viewer > security  events > sort logs by catagories > look on OBJECT ACCESS catagory enteries.
    2) Open any entry by double clicking. This will give you complete info like object accessed, user name, activity date/time.

    I have pasted one screenshot if you need some idea.
    Anil Kumar
    LVL 1

    Expert Comment

    if you find this helpful kindly provide feedback.

    Featured Post

    Scale it in WD Gold

    With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

    Join & Write a Comment

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now