How can I check that who accessed my shared folder?

Minyeong 1 Reputation point
2022-05-10T00:03:41.48+00:00

Hello.
I want to make central storage system in my office with Windows 10.
Me and my colleagues already use shared folder through Windows network.
We access each one's shared folder and read/delete file now.
We need to change this process and try to set the central storage system.
My question is, when I use a computer with Windows 10 as central storage system,
how can I check who accessed certain shared folder?

I set 'local security policy' - 'Audit' and checked log at 'Event viewer' - 'Windows Log' - 'Security'.
But, it seems that there is difference between log time and real operating time.

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,266 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,331 Reputation points
    2022-05-11T07:44:18.987+00:00

    Hello

    Thank you for your question and reaching out.
    I can understand you are having some issues \ queries related to know who has accessed shared folder.

    Using Local Security Policy Editor, you can administer security settings on a workstation,The Audit Object Access policy in LSPE permits administrators to keep track of who views or modifies a file or folder. After enabling this policy on a computer, set up auditing on the appropriate file in order to see, via Event Viewer, who accessed it.

    1. From Run -> "secpol.msc" into the search field, and then press "Enter" to open Local Security Policy.

    Expand "Security Settings" and "Local Policies," and then click the "Audit Policy" folder.

    3.
    Double-click "Audit Object Access" in the right pane to open the Audit Object Access Properties dialog box.

    4.
    Check "Define These Policy Settings," check "Success," and then click "OK" to monitor file access.

    5.
    Press "Windows-E" to open File Explorer, navigate to the appropriate folder, right-click the target file and select "Properties" from the context menu, and then click "Security."

    6.
    Click the "Advanced" button, click the "Auditing" tab, and then click "Continue." Click the "Add" button, and then click the "Select a Principal" link.

    7.
    Type the name of a user or group into the available field, click "Check Names," and then click "OK."

    8.
    Select "Success" from the "Type" drop-down menu, select the appropriate permissions for the user or group, and then click "OK."

    9.
    Repeat Step 6 through 8 for each user or group, and then click "OK" to close each window.

    Check File Access
    1.
    Press "Windows-W," type "event," and then select "View Event Logs" from the results.

    2.
    Expand "Windows Logs," and then click "Security." Select "Filter Current Log" from the left pane, and then enter "4663" (without quotes) into the "<All Event IDs>" field.

    3.
    Choose "Audit Success" from the "Keywords" drop-down menu, and then click "OK" to create the filter.

    4.
    Select the first item in the log, and then check the Object Name field on the General tab to see which file was accessed. Select the following item in the log until you find the appropriate event.

    5.
    Review the Subject field on the General tab to see which network user accessed the file last.

    --If the reply is helpful, please Upvote and Accept as answer--

    2 people found this answer helpful.
  2. MotoX80 31,556 Reputation points
    2022-05-10T19:26:14.073+00:00

    In addition to setting the audit policy, on the files/folders you have enabled auditing on them too.

    https://www.varonis.com/blog/windows-file-system-auditing?msclkid=dc056741d09511eca1378bacd14ae810

    0 comments