Solved

audit access to share drive or folder

Posted on 2014-10-03
5
259 Views
Last Modified: 2014-10-04
I have been tasked with finding out when a shared driver/folder has been accessed and by whom.  Auditing is NOT turned on.  Is there another way to gather the required information?
0
Comment
Question by:sptech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40359661
if auditing is not on, you will not get anything historical
if you turn it on now, you will get info on a go-forward basis
0
 
LVL 13

Expert Comment

by:Natty Greg
ID: 40360772
no, only moving forward with audit on
0
 
LVL 23

Accepted Solution

by:
Danny Child earned 500 total points
ID: 40361072
As above, you can't audit retrospectively.

your last gasp might be to check the MRU (Most Recently Used) file lists on your suspect's PCs.  There are many places where these are stored.
Here's an article on how to clear the lists (and therefore where they are).
http://www.dummies.com/how-to/content/how-to-get-rid-of-recently-opened-file-lists.html

For instance, here's the reg entry for Word
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU.

However, be aware, that as the article suggests, these lists can be cleared (in a number of different ways), so a "clean" list is not proof of innocence.  However, a "dirty" list could be proof of guilt!
0
 

Author Closing Comment

by:sptech
ID: 40361199
Never would have thought to check the MRU lists.  Thanks
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40361761
that would be extremely tedious to go through every user account on every system to do that and check every single entry as to the location if it is where you are looking for
if they cleared the MRU list you would get nowhere
not really any sort of solution
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question