Monitoring Share Folders

I have been asked the same question over and over again – “how can I monitor my personal Windows shared files?” So in other words, users set up shared files on their local computers or even a server and they want to know how they can easily see who has opened what and when.

I found 2 Free Applications can do this in a very easy way :

First one is Share Monitor from Softpedia. After downloading the application go ahead and run it. You will see a screen that looks like this:

If you click the Start button in the upper left hand corner the application will start. If you do not have any Windows shared files on your computer than nothing will happen. If you do have shares on your computer, Share Monitor will start its magic.

I downloaded and ran Share Monitor on my office desktop machine. I then clicked the start button on the application, not changing anything and I still saw nothing! So I attempted to access my shared folders from my machine and then again from one of my local servers. I then saw my log start to grow. Let’s see what it did:

So over the two minute span I accessed 6 folders or files on two different shares.

• We can see the opened at field displays the date and time the share or file was opened.
• The closed at field shows when the file or folder was closed.
• The duration field computes the difference between those two fields.
• The user name is the logged in user who accessed your files or folders.
• The Type is the type of operating system used.
• The open mode can show read or write access.
• Finally the File/Folder field shows the object that was accessed.

Now how can we use this information? Well let’s take a look below:

Now if I needed to know who changed my website’s footer file for example I could look at the Share Monitor log and see that on 3/31/2010 at 3:02 PM a user logged in as “Administrator” modified my file. How do I know that? Well that is the only entry with Write + Read access to the file. All the other entries list only read access. This means that those users COULD NOT have modified my file. My culprit is the Administrator!

The Second one which has more configuration options is the System Tray Share Monitor.

Upon loading the program, you will notice an eye-shaped icon (like the one above) in your system tray. This is the system tray monitor. Let's explore the basic functionality:

DOUBLE-CLICK THE EYE ICON to open the share monitor.

The listing shows the following:

• USERNAME: NT login for the user connected to your share.
  
• COMPUTER: IP address or computer name for the computer connected to your share.
  
• MINUTES:
  • ACTIVE MINUTES: Minutes the user has been connected to your PC.
  • IDLE MINUTES: Minutes the user has been idel.
• OPEN FILES: Number of files listed as open.
• OPERATING SYSTEM: The operating system of the connecting user.

Logging is enabled by entering the Configuration Screen and turning logging on. See that section for details. You can chose to either log a single file, or log files with a date stamp. If you chose to log files by day, you will also select how many days of logs to keep. The application performs a log cleanup once every day, and also cleans up the logs on the program startup.

You can logging three ways. The menu provides an easy way to access all of the information:

"View Logs" - View the text log for the date that you choose. This shows both connections and attempted file accesses.
"View Connection Excel/CSV Files" - View the Connection CSV file for the date that you choose. This shows connection information only.
"View File Excel/CSV Files" - View the File Access CSV file for the date that you choose. This shows file access information only.

No matter which way you pick, you will get a list of logs:

Double-click any entry to view the log file. (Or, select the entry and click "View Log File".) CSV files will launch in whatever file you have associated for CSV spreadsheets (Excel, Lotus 1-2-3, etc.). LOG files will launch in Notepad.