Re: filesystem watcher and more
- From: "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx>
- Date: Sun, 30 Dec 2007 15:30:36 +0100
"hugomind" <hugomind@xxxxxxxxx> wrote in message news:519f23e1-317e-47f8-9f3a-d17bd071e349@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I need to catch the domainname/username as additional information when
the Filesystemwatcher throws en event ?
If someone is creating, deleting or changing perms of a file I would
need to know who it was.
Could some give me a hint how to accomplish this ?
thnx,
Hugo
Turn on file auditing (Access - Successful ) for the "Authenticated Users" on the File and/or Directories you care about, an event will be written to the security log provided you did enable "Object Access" Auditing in the Local Policies.
The security log entry will tell you who's did what on the FS object.
Even with a FS filter driver it's not possible to get at this info, you are to low in the IO stack to get at this info, which is only accessible by the security subsystem system in the kernel.
Willy.
.
- Follow-Ups:
- Re: filesystem watcher and more
- From: hugomind
- Re: filesystem watcher and more
- References:
- filesystem watcher and more
- From: hugomind
- filesystem watcher and more
- Prev by Date: Re: MDI Help
- Next by Date: Re: Multidimensional Packed Bit Array
- Previous by thread: Re: filesystem watcher and more
- Next by thread: Re: filesystem watcher and more
- Index(es):
Relevant Pages
|
