How to detect someone has accessed the C$ on the machine

[Rembrandt]

Is there a way to determine who has accessed the
shared drive ( C$ )on any given network machine?

TIA

 

[Herb Martin]

Is there a way to determine who has accessed the
shared drive ( C$ )on any given network machine?

Only Administrators have access to the C$ (etc.)
shares.

 

[rembrandt]

can you determine which adminstrator accessed it or
if any administrator accessed it at all?

TIA

Is there a way to determine who has accessed the
shared drive ( C$ )on any given network machine?

Only Administrators have access to the C$ (etc.)
shares.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

TIA

 

[Herb Martin]

With Auditing.

A share is technically an auditable object, but there
are no built-in tools for setting this on shares -- so
you might do better with auditing on the files and
directories (NTFS objects) on the share.

You can take a look a SetACL.exe (free) from
SourceForge.net -- IIRC, SetACL can set share
auditing. (But source is available so someone
could modify it if not.)

You will be able to distinguish which admin, if
your admins use their own accounts and you set
up auditing on the objects of interest.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

can you determine which adminstrator accessed it or
if any administrator accessed it at all?

TIA

Is there a way to determine who has accessed the
shared drive ( C$ )on any given network machine?

Only Administrators have access to the C$ (etc.)
shares.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

TIA