Announcement

Collapse
No announcement yet.

XP Hidden Shares Auditing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • XP Hidden Shares Auditing

    Hi

    Could someone show me how to enable audting on hidden shares (C$ etc) on an XP machine that is in an active directory domain.


    thanks in advance

  • #2
    Re: XP Hidden Shares Auditing

    hi you can use this tool
    http://www.firewallleaktester.com/wwdc.htm

    Comment


    • #3
      Re: XP Hidden Shares Auditing

      What exactly do you mean by "auditing"? Can you be more specific with what goals you're trying to accomplish? If you just want to see which hidden shares a network of computers has, you might be able to use SoftPerfect's Network Scanner, scan the subnet and then manually look for hidden shares with the output that it gives.
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: XP Hidden Shares Auditing

        Originally posted by rcorbet View Post
        Hi

        Could someone show me how to enable audting on hidden shares (C$ etc) on an XP machine that is in an active directory domain.


        thanks in advance
        Hidden shares are actual folders on a machine and/or drive letters,so you would setup auditing the same way as a normal folder/share. The share becomes hidden by appending the $ sign to the end of the name.

        You can use the auditing features of Group Policy.

        Computer Config --> Windows Settings --> Security Settings --> Local Policies --> Audit Policies.

        The 'Audit Object' access is applicable.

        You then need to go the folder/drive letter and add the group/and or users you are auditing. e.g. You could use the 'authenticated users' group.

        e.g. Go to My Computer. Right click on C drive and left click Properties. Select the security tab and then click on advanced and select auditing.

        You can then add the appropriate groups.

        Events appear in the DCs Security log.

        Comment

        Working...
        X