network tool to find out who accessed what file
If you don't have auditing enabled, I'm sorry to tell yous that you will not exist able to find out this info.
Was this mail service helpful? thumb_up thumb_down
unfortunately I'm afraid y'all won't find out without MS auditing turned on. I'm agape you volition demand to tell the requester that yous tin't find that.
Sorry for the bad news
Mike
Was this post helpful? thumb_up thumb_down
You tin commencement narrowing it down by who is the file available to.
Without auditing, at that place isn't much you tin can do.
Was this mail service helpful? thumb_up thumb_down
Agree that the auditing is the determining factor. Looking at who has access to the files, is a place to start. Otherwise, best of luck...
Was this post helpful? thumb_up thumb_down
tfl This person is a verified professional. Verify your account to enable IT peers to encounter that you are a professional. 
- 71 Best Answers
- 128 Helpful Votes
This is a very oftentimes asked question.
By default NFTS files logs:
- Cosmos Time
- Final Access Time
- Last write time
These times are logged in local time and UTC. Even so, the details of who did this are not logged by default. Y'all can turn on auditing, as noted in the earlier responses which can log who did what operations to that file. However, you tin can not turn auditing on after the fact.
It'south like of similar CCTV - if y'all accept't got it switched on this night, you can't see who came/went. Turning it on tomorrow forenoon doesn't exercise any good tonite.
Likewise, its worth proverb that auditing can generate a lot of information to be generated, which is why Msft don't turn information technology on by default/
Was this post helpful? thumb_up thumb_down
Hi everyone cheers for the replies, that's what I thought but it was worth a shot.
Does the auditing feature take up destine of server juice or space? If I have multiple file servers would I have to turn it on each of them or could I spawn a virtual server to audit all shares / files on the network.
Cheers
Grahame
Was this post helpful? thumb_up thumb_down
+i one to all of the answers to a higher place. That ship has sailed.
If you'd like to gather this information for the future, with a low-impact solution that doesn't require file system auditing to exist enabled, have a look at our PA File Sight product.
http://www.poweradmin.com/file-sight/
Was this post helpful? thumb_up thumb_down
Thanks doug Whatever freeware ones?
Also practice y'all know the respond to being able to setup a seperate server to just run windows auditing?
Cheers
Grahame
Was this mail service helpful? thumb_up thumb_down
tfl This person is a verified professional person. Verify your account to enable Information technology peers to come across that you are a professional.
- 71 Best Answers
- 128 Helpful Votes
Grahame
MSFT auditing runs on the machine being audited, and records are written to the system's event logs.
I've never tried information technology, simply I assume you can forward those inspect log entries in the same mode as you can forrad other outcome log entries. So in theiory, forwarding to a separate server could piece of work - but this would crusade additional network traffic as well as server load on the monitored servers and the monitoring server.
I would experiment - set upward a couple of VMs and become outcome subscriptions working and tested. So I'd practice some volume tests. You could use wireshart/netmon to capture the traffic resulting from accessing a file on a server. One time you take a few transations (forwarded inspect log entries) you could size the overall traffic.
Hope this helps.
Was this mail helpful? thumb_up thumb_down
There is nothing to say if auditing is not enabled.
But for future prospective, to enable auditing of all admission/changes for file server, you can spend few moments at this helpful Technet web log resource. Please get through :
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx
It has some good features enabled an can generate the reports on a regular basis that will show yous (WHO did WHAT to WHICH content and WHEN this was washed).
However, if you wish to generate reports at granular level to audit all the admission of files and folders, you tin accept a look at Lepide files server accountant(http://world wide web.lepide.com/file-server-inspect/). It comes with several excellent features and provide a graphical view of all reports with real fourth dimension monitoring. You can export the reports in your desired format (such as, PDF,HTML or CSV) when required.
Was this postal service helpful? thumb_up thumb_down
Brand Representative for NetFort
I hold with the previous comments in that you cannot get answers to who accessed the files in the by.
If y'all don't want to enable auditing on the server yous can also get the audit trail from network traffic. Microsoft file shares are based on the SMB protocol so with the right tool you can discover out who is accessing what data across the network. This approach may be better for you as you want to monitor multiple servers.
We develop a product called LANGuardian which can be deployed as a virtual machone. You just need to setup a SPAN or mirror port off the switch(es) that your file servers connect to. More info at this link
http://www.netfort.com/solutions/file-activity
Darragh
Was this post helpful? thumb_up thumb_down
Brand Representative for Netwrix
How-do-you-do anybody thanks for the replies, that'south what I thought simply information technology was worth a shot.
Does the auditing characteristic take up allot of server juice or infinite? If I take multiple file servers would I take to turn it on each of them or could I spawn a virtual server to audit all shares / files on the network.
Thank you
Grahame
Every bit tfl said you demand to test information technology in your infrastructure but I don't recollect it will stress your servers much, hither is a tip canvas that will help you to enable Windows file server auditing -http://world wide web.netwrix.com/download/documents/Quick_Reference_Guide-File_Server_Auditing.pdf
But even with native auditing enabled information technology will take you quite a while to investigate the logs and find what you lot want. If you want to do it faster and go far more understandable, you can take a look at ourNetwrix Auditor for File Servers it has 20 day free trial. Our solution tin can provide y'all a consummate visibility of your file shares(who/when/where/what did/to what file). It can be installed on one of the file servers or on a split server, information technology doesn't thing.
We as well have a freeware tool to inspect file servers, it is called Netwrix Change Notifier for File Servers.
Was this post helpful? thumb_up thumb_down
For future ways - Windows File System Auditing the easy style - check out FileAudit.
An agentless solution that can be set up to become you auditing in 3 minutes.
http://www.isdecisions.com/video/fileaudit.htm
Was this post helpful? thumb_up thumb_down
tfl This person is a verified professional person. Verify your account to enable It peers to see that you are a professional.
- 71 All-time Answers
- 128 Helpful Votes
I'd love to take a look at the product Chris. Ping me privately if you get a moment!
Simply for the OP, unless you have some solution to audit admission, at that place is no manner to become the data you want after the fact.
Was this post helpful? thumb_up thumb_down
Source: https://community.spiceworks.com/topic/490595-who-last-accessed-a-file
0 Response to "network tool to find out who accessed what file"
Post a Comment