Share Security+Log

[Guest]

Hello,

It seems one of my member's of staff pc had one of his personal folders
shared without his knowledge, it was shared over the network with full
persmissions. The OS is Windows XP Pro SP2.

After finding out it was being shared, I quickly turned off the share but
now the question remains how did it get shared in the first place?

Is there any tool or log in Windows XP that I can view to see who ACCESSED
that paricular share or when it was turned, can anyone please shed some light
on the situation.

Thanks so much

 

[Lanwench [MVP - Exchange]]

Hello,

It seems one of my member's of staff pc had one of his personal
folders shared without his knowledge, it was shared over the network
with full persmissions. The OS is Windows XP Pro SP2.

After finding out it was being shared, I quickly turned off the share
but now the question remains how did it get shared in the first place?

Is there any tool or log in Windows XP that I can view to see who
ACCESSED that paricular share or when it was turned, can anyone
please shed some light on the situation.

Thanks so much

Probably not. Any auditing you would enable now, wouldn't be retroactive
anyway.

Only an administrator can set up a share - best practice is to have users
run as users only, and make sure the local administrator credentials are
secured. Keep your computers locked down as tightly as possible.

Also, if you are in a workgroup configuration, consider moving to a domain
model (or, at least, a central server for all your file storage). Secure the
server (both physically, and via permissions), and don't store data on
workstations at all.

 

[Guest]

Hi,

I relize that the auditing will be pretty much pointless now, but is there
nowhere in the registry or whereever that Windows stores a list of when
shares were created or who accessed them?

Is the only way through the event logging?

 

[Lanwench [MVP - Exchange]]

Hi,

I relize that the auditing will be pretty much pointless now, but is
there nowhere in the registry or whereever that Windows stores a list
of when shares were created or who accessed them?

Not that I'm aware of, no.

Is the only way through the event logging?

I'm not even sure what you'd see in there even if you had more auditing
enabled, honestly.
This is a case of locking the barn door after the horses have escaped. Just
do what you can to prevent it happening again.

 

[Guest]

Agreed, problem is I need a reason why this was done, and if I can provide
more information on it.

 

[Lanwench [MVP - Exchange]]

Agreed, problem is I need a reason why this was done, and if I can
provide more information on it.

Unless you can get someone to confess, it could be anyone who had admin
rights on that box.

 

[Guest]

Still nothing guys, no way to check the registry or anything like that?

 

[Lanwench [MVP - Exchange]]

Still nothing guys, no way to check the registry or anything like
that?

I don't know any other way to say this...no.