G
Guest
Is there a way to log in the event log when a share is created on a server?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Roger Abell [MVP]
You could enable audit of Set Key Value in the registry on the key
HKLM/System/CurrentControlSet/Services/Lanmanserver/Shares
HKLM/System/CurrentControlSet/Services/Lanmanserver/Shares
G
Guest
What do I need to do?
Roger Abell said:You could enable audit of Set Key Value in the registry on the key
HKLM/System/CurrentControlSet/Services/Lanmanserver/Shares
G
Guest
How do I do that?
Roger Abell said:You could enable audit of Set Key Value in the registry on the key
HKLM/System/CurrentControlSet/Services/Lanmanserver/Shares
G
Guest
Roger Abell said:You could enable audit of Set Key Value in the registry on the key
HKLM/System/CurrentControlSet/Services/Lanmanserver/Shares
R
Roger Abell [MVP]
If the effective policy on the machine, in the Audit Policy section has
set Audit Object Access on for success, then just use regedit to find
the key and right click into its properties, where in the
security/permissions
tab you will find an Advanced button that will let you get at the Audit tab.
There you would just set Audit for Everyone for Set Key Value.
set Audit Object Access on for success, then just use regedit to find
the key and right click into its properties, where in the
security/permissions
tab you will find an Advanced button that will let you get at the Audit tab.
There you would just set Audit for Everyone for Set Key Value.
G
Guest
I set the auditing for the Shares folder. But it does not do what I want,
which is to only log when a new entry is made. Even if you were to just
click on the folder, scan the registry for viruses, or backup the registry,
it gets logged that a new share was created. I am also trying to log what
folder was shared and the new share name.
which is to only log when a new entry is made. Even if you were to just
click on the folder, scan the registry for viruses, or backup the registry,
it gets logged that a new share was created. I am also trying to log what
folder was shared and the new share name.
R
Roger Abell [MVP]
You have apparently set it to log all accesses to the reg key
rather than only for Set Value
rather than only for Set Value
G
Guest
I have onle Set Value checked off. I have every option checked off in
auditing.
auditing.