Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do you know if someone is accessing your files.

Status
Not open for further replies.
wo1wo1

wo1wo1

MIS
Sep 25, 2005
11
US
Hi, I have a UNIX administrator that I think might be accessing my files; I have nothing to hide but would like to know to what extent he is accessing my files. Does anyone know how I would if he is accessing my data, what tool would I use, or could I use auditing?

Thanks, Windows Systems Administratory
 
Sort by date Sort by votes
You can use auditing. To set up auditing is a two fold process. 1. you must turn on auditing in the group policy then 2. you must specify on the properties page of files and folders you wish to audit.

1. On the PC that holds the files, start>administrative tools>local security policy. In the local policies, audit policy, configure "Audit object access" to successful" (if your unix guy can see them) or "failure" (if he can't) or both. Try not to use both as this will increase the log size.

2. right click the folder or files you wish to audit, properties, security tab, advanced button, auditing tab. add your unix guy's account and what type of access you wish to audit... read, write....



Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 
Upvote 0 Downvote
This will not work will unix distro's (Linux), I have seen him access my computer through a command line. The auditing will not pick up on this type of access. I flat out asked him today he said that only way to see who is accessing your computer using Unix is by using a sniffer. do you know of a good sniffer (Open source or freeware) that I can use?

thanks
 
Upvote 0 Downvote
I take it your host IS Windows 2000?
If the remote user is using Unix/Linux/Windows/Dos it doesn't really matter.

If the remote user is using SMB / CIFS to access your Windows 2000 server, then you will be able to see who is accessing your files.

Try this on the server....
Right click My Computer, and left click on MANAGE.
Open up SHARED FOLDERS
In here you'll be able to see all of your shares and who is accessing them.

A network sniffer really isn't relevant - but If you're really after one, the download a copy of Ethereal It's ported to Linux and Windows and works fine - its free and open source..

Regards

Phil B
 
Upvote 0 Downvote
F1lby

are you saying that the shared folders will let you see if someone is accessing your computer via Unix?

Do you know of a script I can get to check this every 5 minutes and will create a log file for anyone who is accessing my files?

I started to play with Ethereal last night, I think this is going to be my solution. do you know how to filter the packets, so that I just see when someone is accessing my computer?

thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
242
microsGuy16
microsGuy16
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
432
gbaughma
gbaughma
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
244
strongm
strongm
juniper911
  • Locked
  • Question
Smartcard PIN Cache - is it configurable?
Replies
0
Views
99
juniper911
juniper911
Fireksf
  • Locked
  • Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
113
MarkSweetland
MarkSweetland

Part and Inventory Search

Sponsor

Back
Top