Who Access My File?

In my post File Access Auditing - I Am Not Afraid Of GPO I've digested technet documentation on how to set Active Directory Group Policy Object (AD GP) to enable file access auditing as security measure to prevent repudiation. It is heavy weight techniques for scenarios where developer just needs to understand why she gets "Access denied" during development or while deploying in test environment - "Strange, it all worked on my machine...." :)

For that purpose I use two light weight tools from Sysinternals, the whole portal of Sysinternal's tools is here Windows Sysinternals loaded with free goodies. 

First tool is file monitor (filemon) - it monitors file access activity and when double clicking on some line it shows the user accessed that file:

 

But when the file is accessed from other machine, filemon does not have this information:

 

Mark Russinovich kindly explained me why it is not there and suggested using another great tool - process monitor. The tool has details column which includes the data what I was looking for - Impersonating:<<account name>>:

 

Very cool, very usable, very light weight

Enjoy

Comments

• Anonymous
  April 05, 2007
  Identity story with .Net really rocks, but along with great extensibility it also brings a lots of confusion
• Anonymous
  April 08, 2007
  If these articles: How To: Implement Kerberos Delegation for Windows 2000 How To: Use Impersonation and
• Anonymous
  April 10, 2007
  If these articles: How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0 Using Protocol
• Anonymous
  May 05, 2007
  i want be a good software engg.
• Anonymous
  May 05, 2007
  Akash, be a good sw engineer
• Anonymous
  January 20, 2008
  patterns &amp; practices team maintains Design for Operations [DFO] project on codeplex . The goal of
• Anonymous
  January 21, 2008
  A few years ago, I recall needing to know (programmatically) which user has accessed a particular file