Question

I am using fschange to monitor a Windows shared directory and it is working as expected.
I want to monitor which user made the changes. How can I achieve this?

Solution

Fschange does not record the login making the changes on Windows.

Use Windows native SACLs to monitor these files and just monitor the Windows Security log for object audit events.
Enable Object Access auditing in your server's security policies before the SACL entries take effect.
Then check the security log for events 560 through 564 and 567. These will tell you the file/folder accesses, success/failure, login, etc.
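
The steps in the answer above as a script, added here as an example and not part of the original answer. It assumes Windows PowerShell in an elevated session on the file server; the folder path and audited principal are placeholders.

```powershell
# Added example: the values below are placeholders, not taken from the page.
$Path     = 'D:\Shares\Finance'   # hypothetical local path of the shared folder
$Audited  = 'Everyone'            # principal whose access is audited (assumption)

# Event IDs named in the answer. Windows Vista / Server 2008 and later log the
# same object-access events 4096 higher (for example 4663 instead of 567), so
# adjust this list to the Windows version of the server.
$EventIds = 560, 561, 562, 563, 564, 567

# Prerequisite from the answer: Object Access auditing must already be enabled
# in the server's audit policy, otherwise the SACL below produces no events.

# 1. Add an audit entry (SACL) for write/delete-type access, success and failure.
#    Reading or writing a SACL requires SeSecurityPrivilege (elevated admin).
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    $Audited,
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions',
    'ContainerInherit, ObjectInherit',   # apply to subfolders and files
    'None',
    'Success, Failure'
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 2. Read the last 24 hours of matching events from the Security log and keep
#    those whose message mentions the audited folder. The message text carries
#    the object name, the access requested and the account that made the change.
Get-EventLog -LogName Security -InstanceId $EventIds -After (Get-Date).AddHours(-24) |
    Where-Object { $_.Message -like "*$Path*" } |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, InstanceId, EntryType, Message |
    Format-List
```

Auditing only write and delete rights keeps the Security log volume manageable on a busy share; adding read rights to the rule logs every file open.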

Licensed under: CC-BY-SA with attribution