Share via

How is it possible to know the Ip address of those machines/users who access to shared administrative folders remotely?

Roberto 1 Reputation point
2020-09-02T11:28:30.23+00:00

Hello,

I would like to know how I can check from a local computer the IP address of those machines / users who access remotely to shared administrative folders which are located in that local computer.

I suppose (if I am right) it can be checked somehow from the event viewer, but I don't know which is the code number to identify this kind of event.

I would appreciate to much if someone could provide to me some help regarding this question.

Thanks in advance

Kind regards

Roberto

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,675 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jenny Yan-MSFT 9,336 Reputation points
    2020-09-03T07:49:58.287+00:00

    Hi,
    Thanks for your posting. Per my search and test, you could get the IP address or Computer name when there are users opening the shared folder either from computer management or poweshell command.

    1.Computer management 2.net session command
    22287-image.png
    22421-image.png

    If you would like to check the historical record in event logs, you shall enable Audit File Share and look for event ID 5140:This event generates every time network share object was accessed. It contains source IP address from which access was performed.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5140#security-monitoring-recommendations

    -----Please "Accept as answer" if the reply is helpful-----
    Thanks,
    Jenny

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.