?
Solved

audit access to share drive or folder

Posted on 2014-10-03
5
Medium Priority
?
266 Views
Last Modified: 2014-10-04
I have been tasked with finding out when a shared driver/folder has been accessed and by whom.  Auditing is NOT turned on.  Is there another way to gather the required information?
0
Comment
Question by:sptech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40359661
if auditing is not on, you will not get anything historical
if you turn it on now, you will get info on a go-forward basis
0
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40360772
no, only moving forward with audit on
0
 
LVL 23

Accepted Solution

by:
Danny Child earned 2000 total points
ID: 40361072
As above, you can't audit retrospectively.

your last gasp might be to check the MRU (Most Recently Used) file lists on your suspect's PCs.  There are many places where these are stored.
Here's an article on how to clear the lists (and therefore where they are).
http://www.dummies.com/how-to/content/how-to-get-rid-of-recently-opened-file-lists.html

For instance, here's the reg entry for Word
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU.

However, be aware, that as the article suggests, these lists can be cleared (in a number of different ways), so a "clean" list is not proof of innocence.  However, a "dirty" list could be proof of guilt!
0
 

Author Closing Comment

by:sptech
ID: 40361199
Never would have thought to check the MRU lists.  Thanks
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40361761
that would be extremely tedious to go through every user account on every system to do that and check every single entry as to the location if it is where you are looking for
if they cleared the MRU list you would get nowhere
not really any sort of solution
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question