Skip to content

5000+ Great Articles

Best Articles & Essays: Interesting Articles to Read Online

  • Fixed: Cloud File Provider not working on OneDrive – Error 0x8007016A MS Office Tips
  • Best free plant identification app 2022 Software Reviews
  • Troubleshoot Printer Stuck in Offline Status in Windows Windows 10
  • The 5 Best Games For iPhone [2020] iPhone
  • Save a List of Running Processes to a Text File in Windows How-To
  • Best Free Karaoke Software for Windows Software Reviews
  • Best construction master 5 calculator 2020

    Best construction master 5 calculator 2020. 1 - Calculated Industries 5032-5 Armadillo Gear Hard Protective Calculator Case in Lime Green Top

  • Otter – An AI-Powered Audio Transcription Service That Actually Works Software Reviews

How to Track When Someone Accesses a Folder on Your Computer

Posted on October 6, 2020 By blog_786 No Comments on How to Track When Someone Accesses a Folder on Your Computer

Windows has a nice little feature that lets you keep track of when someone is viewing, editing, or deleting something inside a specified folder. So if there is a folder or file that you want to know who is accessing, then this is a built-in method without using third-party software.

This feature is actually part of a Windows security feature called Group Policy that is used by most IT professionals who manage computers on a corporate network through servers, however it can also be used locally on PCs without any servers. The only downside to using Group Policy is that it is not available in earlier versions of Windows. Windows 7 requires Windows 7 Professional or higher. For Windows 8, you need Pro or Enterprise.

The term Group Policy basically refers to a set of registry settings that can be managed through a graphical user interface. You enable or disable various settings and these changes are then updated in the Windows registry.

In Windows XP, to go to the Policy Editor, click Start and then Run. In the text box, enter “gpedit.msc” without quotes, as shown below:

How to Track When Someone Accesses a Folder on Your Computer

In Windows 7, you just click the Start button and type gpedit.msc into the search box at the bottom of the Start menu. In Windows 8, simply go to the Start screen and start typing, or move your mouse cursor to the upper or lower right corner of the screen to open the charms bar and click Search. Then just type gpedit. You should now see something similar to the image below:

How to Track When Someone Accesses a Folder on Your Computer

There are two main categories of policies: user and computer. As you might have guessed, user policies control the settings for each user, whereas the computer settings will be system wide and will affect all users. In our case, we want our settings to be for all users, so we’ll expand the Computer Configuration section.

Continue expanding to Windows Settings Security Settings Local Policies Audit Policy. I won’t explain most of the other settings here, as they are primarily focused on auditing a folder. You will now see a set of policies and their current settings on the right side. Audit policy is what controls whether the operating system is configured and ready to track changes.

How to Track When Someone Accesses a Folder on Your Computer

Now check the Audit Object Access setting by double clicking it and selecting both Success and Failure. Click OK and we are now done with the first part, which tells Windows that we want it to be ready to track changes. Now the next step is to say EXACTLY what we want to track. You can now close the Group Policy Console.

Now navigate to the folder using Windows Explorer that you want to monitor. In File Explorer, right-click the folder and select Properties. Click the Security tab and you should see something similar to this:

How to Track When Someone Accesses a Folder on Your Computer

Now click the Advanced button and go to the Auditing tab. This is where we will configure what we want to track for this folder.

How to Track When Someone Accesses a Folder on Your Computer

Go ahead and click the Add button. A dialog box appears asking you to select a user or group. In the box, enter the word “users” and click Check Names. The field will automatically display the name of the local users group for your computer in the form COMPUTERNAME Users.

How to Track When Someone Accesses a Folder on Your Computer

Click OK and now you will see another dialog box titled “Audit Entry for X”. This is the real essence of what we wanted to do. This is where you choose what you want to watch for this folder. You can individually choose what types of actions you want to track, such as deleting or creating new files / folders, etc. To make things easier, I suggest choosing “Full Control”, which will automatically select all the other options below it. Do it for success and failure. This way, whatever is done with that folder or files in it, you will have a record.

How to Track When Someone Accesses a Folder on Your Computer

Now click OK, then OK again and OK again to exit out of the many dialog boxes. And now you have successfully configured auditing for the folder! You may ask, how do you look at events?

To view the events, you need to go to the control panel and click “Administration”. Then open the Event Viewer. Click on the “Security” section and you will see a large list of events on the right:

How to Track When Someone Accesses a Folder on Your Computer

If you create a file or simply open a folder and click the Refresh button in the Event Viewer (the button with two green arrows), you will see a group of events in the file system category. They refer to any delete, create, read and write operations on folders / files that you check. In Windows 7, everything now appears under the File System task category, so to see what happened, you have to click on each one and scroll through it.

To make it easier to view so many events, you can set a filter and just see the important things. Click the View menu at the top and click Filter. If there is no Filter option, right-click the security log on the left page and select Filter Current Log. In the Event ID field, enter 4656. This event, associated with a specific user performing a file system action, will provide you with relevant information without having to view thousands of records.

How to Track When Someone Accesses a Folder on Your Computer

If you would like more information about an event, just double click to view it.

How to Track When Someone Accesses a Folder on Your Computer

This is the information from the screen above:

An object descriptor was requested.

Subject:
Security ID: Aseem-Lenovo Aseem
Account Name: Aseem
Account Domain: Aseem-Lenovo
Login ID: 0x175a1

Object:
Object Server: Security
Object Type: File
Object Name: C : Users Aseem Desktop Tufu New Text Document.txt
Descriptor ID: 0x16a0

Process Information:
Process ID: 0x820
Process Name: C: Windows explorer.exe

Access request information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Access: DELETE
SYNCHRONIZE
ReadAttributes

In the example above, the file I was working on was New Text Document.txt in the Tufu folder on my desktop, and the access I requested was DELETE followed by SYNCHRONIZE. I deleted the file. Here’s another example:

Object type: file
Object name: C: Users Aseem Desktop Tufu Address Labels.docx
Descriptor ID: 0x178

Process Information:
Process ID: 0x1008
Process Name: C: Program Files (x86) Microsoft Office Office14 WINWORD .EXE

Access request information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Access: READ_CONTROL
SYNCHRONIZATION
ReadData (or ListDirectory)
WriteData (or AddFile)
< em> AppendData (or AddSubdirectory or CreatePipeInstance)

ReadEA
WriteEA
ReadAttributes < br /> Record Attributes

Reasons for Access: READ_CONTROL: Proprietary
SYNCHRONIZE: Granted D: (A; ID; FA ;;; S-1-5-21-597862309-2018615179-2090787082 – 1000)

As you read this, you can see that I accessed Address Labels.docx using the WINWORD.EXE program, and my calls included READ_CONTROL, and my reasons for accessing were READ_CONTROL as well. Usually you will see a few sub-accesses, but just focus on the first one as this is usually the main access type. In this case, I just opened the file in Word. It takes a little testing and reading the events to figure out what’s going on, but once you figure it out, it’s a very robust system. I suggest creating a test file folder and following various steps to see what is displayed in the event viewer.

That’s all! A fast and free way to track access to a folder or changes in it!

–

Share this:

  • Twitter
  • Facebook

Post navigation

Previous Post: Defragmenting Your Hard Drive in Windows XP/7/8
Next Post: How to Forcefully Clear the Print Queue in Windows

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Archives

  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • November 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • March 2021
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • December 2019
  • July 2019
  • May 2019
  • April 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018

Categories

  • AI Tools & Guides
  • Amazon Web Services
  • Apple Watch
  • Computer Tips
  • Cool Websites
  • Featured Posts
  • Free Software Downloads
  • Gadgets
  • Gaming
  • General Software
  • Google Software/Tips
  • Hardware
  • Help Desk
  • How-To
  • iOS
  • iPad
  • iPhone
  • islamic Books
  • Linux
  • Linux Tips
  • Mac OS X
  • macOS
  • MS Office Tips
  • Networking
  • Office Tips
  • OS X
  • Product Reviews
  • Reviews
  • Safari
  • Smart Home
  • Smartphones
  • Software Reviews
  • technology
  • text
  • Tools Review
  • Troubleshooting
  • Tutorials
  • Uncategorized
  • Urdu Books PDF
  • Web Site Tips
  • Windows
  • Windows 10
  • Windows 7
  • Windows XP Tips
  • Wordpress
  • How to Watch Netflix in 1080p on Chrome and FireFox
  • cat5 vs cat5e vs cat6 vs cat6a vs cat7 – Which Ethernet Cable to Use?
  • 15 Best Legal Torrenting Sites to Download Content Safely
  • Review of the ReMarkable 2.0 tablet with Type Folio keyboard
  • Flixable Helps You Find the Best Movies and TV shows on Netflix
DMCA.com Protection Status

Recent Posts

  • 6 Simple Hacks To Access Blocked Websites
  • How to Watch Netflix in 1080p on Chrome and FireFox
  • cat5 vs cat5e vs cat6 vs cat6a vs cat7 Which Ethernet Cable to Use?
  • 15 Best Legal Torrenting Sites to Download Content Safely
  • Review of the ReMarkable 2.0 tablet with Type Folio keyboard

Recent Comments

  1. Flixable Helps You Find the Best Movies and TV shows on Netflix on SmartDNS vs VPN “What’s the Difference?”
  2. 5 Sites That Are Like Audible, But Free on Top 4 Amazon Price Tracker Tools
  3. 5 Sites That Are Like Audible, But Free on 14 Best Free Audiobooks on Audible – 2022
  4. How to Reduce PNG File Size of a Photo on How to Convert a Screenshot to a Jpeg on a Mac
  5. 3 Sites like YouTube to Earn Money With Your Videos on Here are the Top 10 highest paid YouTubers of 2013
  • 6 Best Online Accounting Software for 2020 Reviews
  • How to Check How Much Data Is Left in Airtel How-To
  • Best calculator with paper 2020

    Best calculator with paper 2020. 1 - PLENTY Deluxe Leather Pocket Notebook Cover Jotter Organizer Memo Pad Holder with Calculator, 50 Pages Note Pap

  • How to uninstall Chrome, managed by your organization Google Software/Tips
  • Disable Keyboard Keys in Windows with AutoHotKey How-To
  • How to Enlarge Instagram Profile Picture of Strangers Following You? How-To
  • How to Recover Deleted Emails in Office 365 Office Tips
  • 5 Photo Recovery Tools Tested and Reviewed Computer Tips

Copyright © 2023 How To Blog.

Powered by PressBook News WordPress theme

Go to mobile version