Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

audit access to share drive or folder

Posted on 2014-10-03
5
Medium Priority
?
282 Views
Last Modified: 2014-10-04
I have been tasked with finding out when a shared driver/folder has been accessed and by whom.  Auditing is NOT turned on.  Is there another way to gather the required information?
0
Comment
Question by:sptech
5 Comments
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40359661
if auditing is not on, you will not get anything historical
if you turn it on now, you will get info on a go-forward basis
0
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40360772
no, only moving forward with audit on
0
 
LVL 23

Accepted Solution

by:
Danny Child earned 2000 total points
ID: 40361072
As above, you can't audit retrospectively.

your last gasp might be to check the MRU (Most Recently Used) file lists on your suspect's PCs.  There are many places where these are stored.
Here's an article on how to clear the lists (and therefore where they are).
http://www.dummies.com/how-to/content/how-to-get-rid-of-recently-opened-file-lists.html

For instance, here's the reg entry for Word
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU.

However, be aware, that as the article suggests, these lists can be cleared (in a number of different ways), so a "clean" list is not proof of innocence.  However, a "dirty" list could be proof of guilt!
0
 

Author Closing Comment

by:sptech
ID: 40361199
Never would have thought to check the MRU lists.  Thanks
0
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40361761
that would be extremely tedious to go through every user account on every system to do that and check every single entry as to the location if it is where you are looking for
if they cleared the MRU list you would get nowhere
not really any sort of solution
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question