6

Is it possible to know if anyone is accessing any of folders or drives in my system(32 bit windows 2003)? I mean shared folders or non-shared folders, anything. And once if we know, how to deny access to particular host. For shared folders i know how to do, but if anyone is accessing some folder with proper credentials, i don't know how to control.

Please ignore cases like bit torrent etc. All i wanted to know is if anyone is accessing my system folders in this way

\\10.30.188.231\d$\calvin_docs

with some valid username and password. I wanted to know ip/username of system who is accessing

Nick Kavadias
  • 10,796
  • 7
  • 37
  • 47
rplusg
  • 163
  • 1
  • 1
  • 5

9 Answers9

9

fsmgmt.msc is your friend. Run this on the workstation in question and you will be able to see all shares, sessions, and open files on that particular workstation. From this utility you will be able to close any particular session and with folder permissions you should be able to restrict usage. However, it really depends on the privileges of the connecting user in question as to whether or not you can keep them out in this fashion. For instance, if the user is a domain admin.

Anyhow, I believe that fsmgmt will definitely get you moving in the right direction. Please write back and let us know how you made out!

Good luck.

JohnyD
  • 1,614
  • 3
  • 20
  • 29
  • Thanks for the answer, this gives who is connected to my machine thru rdc, but it doesn't give who is accessing files or folders(shared/non shared). It just gives how many ppl are accessing. – rplusg Dec 02 '09 at 08:46
  • Under the Shares tree it will show the number of people accessing which particular share. If you go to the Sessions or Open Files trees it will tell you who is connected, the machine they're connected from, how many files they have open and the names of the actual files themselves. Here's an example: http://img166.imageshack.us/img166/6825/29013877ye2.jpg – JohnyD Dec 02 '09 at 13:42
  • Yes got it, thanks alot for driving till the end. Gah, its my bad, didn't see properly before :). – rplusg Dec 07 '09 at 07:11
2

You can go to "Computer Managment" and under to system tools you have Shared Folder, Tere You can see some basic information. To open Compute Managment on icon MY Computer right click and chose Manage

adopilot
  • 1,521
  • 6
  • 25
  • 41
1

If you think someone is access system hidden shares then they'll be doing it using an administrator account. Regularily check your local administrator group for membership. If you want to view who is accessing them then you will need to set up auditing then select object access sucess.

Nasa
  • 316
  • 1
  • 7
1

turn on audit object access.

Nick Kavadias
  • 10,796
  • 7
  • 37
  • 47
  • Here is a link with steps on how to turn on audit object access. https://www.lepide.com/how-to/enable-file-folder-access-auditing-windows-server-2012.html – user716255 Dec 04 '22 at 19:29
0

Just use the application share monitor

http://download1us.softpedia.com/dl/47e675b099667bf33ca28203f9efa8df/4f86ef86/100154703/software/network/ShareMonitor.exe

Bryan
  • 7,628
  • 15
  • 69
  • 94
swaleen
  • 1
  • Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Nov 05 '12 at 21:26
0

You can use the command net session in a windows cmd window. See this stackoverflow question for a couple of other techniques. I usually just use net session though, it just works.

                         enter image description here

Community
  • 1
slm
  • 7,615
  • 16
  • 56
  • 76
0

go to local security settings within administrative tasks.

Configure the auditing options. You can audit files, drives , applications , etc. Just configure to audit success and failure.

the security events will start appearing in your event viewer in the security log.

To prevent unauthorized access , i guess you need to REMOVE that users permission from the file/folder which they are trying to access. If your using a domain controller , just add that user to the file/folder permissions and explicitly restrict their actions.

The best is , just dont add users to groups which have access to the file/folder.

Andrew Keith
  • 121
  • 3
0

Since you mention file-sharing: If you use applications like BitTorrent or an FTP or web server it is very difficult to tell who is doing what. The auditing/access control tools of the OS will not be able to tell what is going on; for them it looks as if the user who is running the file sharing client application is accessing those files, even though the "real" user is someone else (and someone unknown to your local network domain). The best you can do here is to audit access by application name, and look at the access logs that these applications maintain themselves.

Thilo
  • 240
  • 1
  • 2
  • 9
  • I don't think the OP is talking about that kind of file sharing, in spite of the tag. – Dennis Williamson Nov 26 '09 at 07:00
  • please ignore cases like bit torrent etc. All i wanted to know is if anyone is accessing my system folders in this way, "\10.30.188.231\d$\calvin_docs" with some valid username and password. I wanted to know ip/username of system who is accessing – rplusg Nov 26 '09 at 07:39
0

I'd be looking into using the Sysinternals Procmon.exe tool which can tell you all files/reg/network access. It'll generate a huge log to sift through, but there's a mine of information on what user is running what process and causing particular types of load on a server.