I'm developing an application that will run on a few Windows Server 2008 boxes. The application will monitor shared directories for file changes and report them back to me. I'm currently using the FileSystemWatcher class, but this does support retrieval of the active directory username associated with the generated events. I've looked into a few solutions but I'm not sure where to start. Here's some of my options.
Monitor the eventlog for security events. I really don't like this solution Get Username of an Accesed File
Create a file system filter driver. This will allow me to detect all types of file operations in realtime, but I haven't seen anything on retrieving the associated user info. This seems to be the most promising solution.
I haven't seen anyone else do this, but I supposed it would be possible to hook the 'Server' service (I believe this is responsible for network share interactions) and try to pull out file system operations. I really would like to avoid this.
I'm welcome to solutions in C#/C++.
