如何跟踪和监测谁,并且某人当时在您的计算机访问一个文件夹!
张贴在2007年3月11日在1:23上午
有允许您跟踪的一个好的小的特点被建立入窗口当某人观看,编辑或者删除某事里面一个指定的文件夹时。 如此,如果有您要知道的文件夹或文件谁访问,然后这是固定方法,无需必须买所有另外的软件。
这个特点实际上作为叫的系统的部分 小组政策多数使用它专家使用服务器在公司网处理计算机,然而,这个政策系统可能当地也使用,不用任何服务器。
期限小组政策基本上提到一套可以是受控的通过一个图形用户界面的登记设置。 您使能或使设置失去能力,并且这些在窗口登记编辑被更新。
要有政策编辑,点击开始然后跑。
在文本框,如下键入“gpedit.msc”,不用行情如所示:
现在您应该看于图象是相似的如下的事:
有政策二个主要类别: 用户和计算机。 因为您也许已经猜测,用户政策控制设置为每名用户,而计算机设置将是系统宽设置,并且影响所有用户。 在我们的情况我们要我们的设置是为所有用户,因此我们将扩展我们计算机配置部分。
持续扩展 安全设置-> 地方政策-> 审计政策. 因为这primairly集中于验核文件夹,我不这里解释许多其他设置。 现在您在右边将看一套政策和他们的当前设置。 审计政策是什么控制是否配置操作系统并且准备跟踪变动。
现在检查设置为 审计对象通入 通过双击对此和选择成功和失败。 点击OK和我们现在做是告诉窗口的第一个部分我们要它准备监测变动。 现在下一个步骤将告诉它什么我们确切地想要跟踪。 您能现在关闭在小组政策控制台外面。
现在驾驶对文件夹使用您希望监测的Windows Explorer。 在探险家,用鼠标右键单击在文件夹并且点击物产。 点击安全制表符,并且您看事相似于此:
现在点击先进的按钮并且点击Audting表格。 这是我们实际上将配置的地方什么我们想要为这个文件夹监测。
开始并且点击增加按钮。 对话将看上去要求您选择用户或小组。 In the box, type in the word "users" and click Check Names. The box will automatically update with the name of the local users group for your computer in the form COMPUTERNAME\Users.
Click OK and now you’ll get another dialog called "Audit Entry for X". This is the real meat of what we’ve been wanting to do. Here is where you’ll select what you want to watch for this folder. To make things easier, I suggest selecting Full Control, which will automatically select all the other options below it. Do this for Success and Failure. This way, whatever is done to that folder or the files within it, you will have a record.
Now click OK and click OK again and OK one more time to get out of the whole multi-dialog box set. And now you have sucessfully configured audting on a folder! So you might ask, how do you view the events?
In order to view the events, you need to go to the Control Panel and click on Administrative Tools. Then open up the Event Viewer. Click on the security tab and you’ll see a large listing of events on the right hand side:
If you go ahead and create a file or simply open the folder and click the Refresh button in the Event Viewer (the button with the two green arrows), you’ll see a bunch of events in the category of Object Access. It’ll also list the user and computer. Now if you have a computer with multiple user accounts, then you can just scroll through the list and see if the object access message is there with another user name listed. However, if you think someone might be viewing items under your name, you’ll have to instead scroll through and look at the date and time.
In order to make it easier to look through so many events, you can put a filter and just see the important stuff. Click on the View menu at the top and click on Filter. In the Event ID box, type in the number 560. This is the event associated with a particular user performing an action and will give you the relavant information without having to look through thousands of entries.
If you want to get more information about an event, simply double click on it to view.
This is the information from the screen above:
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 3/11/2007
Time: 2:57:35 AM
User: RELIAGENETECH\akishore
Computer: ASEEM
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: D:\Test\New Microsoft Word Document.doc
Image File Name: C:\WINDOWS\explorer.exe
Primary User Name: akishore
Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes
Here I created a new Microsoft Word document in the Test folder and it tells me that the object type was a file and Explorer was being used by user akishore. And I performed a read and a write according to the "Accesses" section. If you just want to see if someone else is accessing a folder, then simply look at the entries date and time or user fields.
And that’s it! A quick and free way to track access or changes to a folder!
Technorati Tags: monitor computer activity, monitor folders, track file changes, track foldersIf you enjoyed this post, make sure you subscribe to my RSS feed!
» Filed Under Windows XP
Related Posts
- How to create a Windows XP hidden folder share
- How to hide files and folders in Windows XP - The easy way
- How to create a secured and locked folder in Windows XP
- How to rip an audio cd and convert WMA files to MP3 for free
- More VBS Scripts for System Administrators
One Response to “How to track and monitor who and when someone accesses a folder on your computer!”
Pingbacks
-
Alternate Method - Using Google Desktop to track and monitor the activity on your computer Says:
[…] subscribe to my RSS feed to get daily tips. Thanks for visiting!I just read my post about trying to monitor what activity is occurring on your computer and realized that its way too complicated to get working and even if you get it working, […]
October 10th, 2007 at 11:01 pm
Please post your comments/suggestions!
[…] subscribe to my RSS feed to get daily tips. Thanks for visiting!I just read my post about trying to monitor what activity is occurring on your computer and realized that its way too complicated to get working and even if you get it working, […]
October 10th, 2007 at 11:01 pm
