Surely archiving the Windows Security Event log would be more useful?

As admin shares are only one way to access a PC, and I'm not sure that a 
Windows Firewall pop-up is really a "log" (seems to be more of a notification 
IMHO).

Cheers
Ken

--
http://au.linkedin.com/in/kschaefer
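
Added example, not part of the original thread: one way to pull admin-share access out of the Security event log, as suggested in the message above. It assumes the "File Share" audit subcategory is enabled so that event ID 5140 ("A network share object was accessed") is recorded; the function name Get-AdminShareAccess and the CSV path are hypothetical.

```powershell
# Added example. Prerequisite (run once, elevated, or set via Group Policy):
#   auditpol /set /subcategory:"File Share" /success:enable
# Without it, event ID 5140 is not written and this returns nothing.

function Get-AdminShareAccess {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Since = (Get-Date).AddDays(-1)
    )

    $filter = @{ LogName = 'Security'; Id = 5140; StartTime = $Since }

    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the event's named data fields from its XML form
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            New-Object PSObject -Property @{
                TimeCreated = $_.TimeCreated
                Computer    = $_.MachineName
                Account     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                SourceIP    = $data['IpAddress']
                ShareName   = $data['ShareName']
            }
        } |
        # Keep only ADMIN$ and drive-letter shares (C$, D$, ...); IPC$ is excluded
        Where-Object { $_.ShareName -match '\\(ADMIN|[A-Z])\$$' } |
        Select-Object TimeCreated, Computer, Account, SourceIP, ShareName
}

# Archive the last seven days for the local machine (hypothetical output path)
Get-AdminShareAccess -Since (Get-Date).AddDays(-7) |
    Export-Csv -Path .\admin-share-access.csv -NoTypeInformation
```

Reading the Security log requires administrative rights on the target machine, and the log's retention size limits how far back the query can reach, so archive on a schedule.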


From: [email protected] On Behalf Of David McSpadden
Sent: Tuesday, 8 July 2014 11:23 AM
To: <[email protected]>
Cc: [email protected]
Subject: Re: [NTSysADM] Re: Windows 7 firewall

Last audit wanted to know if we had a log of when we admins were accessing 
others' PCs.


Sent from my iPhone

On Jul 7, 2014, at 8:53 PM, "Ken Schaefer" <[email protected]> wrote:
Someone being an admin on their own machine doesn't give them access to anyone 
else's ADMIN$ share. Or are you saying everyone's an admin on *every* machine?

What's the scenario you're trying to detect here? Someone accessing their own 
machine? Or someone accessing someone else's machine?

Cheers
Ken

--
http://au.linkedin.com/in/kschaefer



From: [email protected] On Behalf Of Melvin Backus
Sent: Monday, 7 July 2014 9:32 PM
To: [email protected]
Subject: RE: [NTSysADM] Re: Windows 7 firewall

True, except that due to management ...  hmm, what's the word...  anyway, all 
users have local admin rights. :(  If I were actually alone in this situation 
I'd be much less dismayed since I would be able to point to anywhere else and 
say, "Nobody else allows this", but hey, it pays the bills.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: [email protected] On Behalf Of Michael B. Smith
Sent: Thursday, July 03, 2014 9:42 PM
To: [email protected]
Subject: RE: [NTSysADM] Re: Windows 7 firewall

In general, since only high-privilege users can access admin shares, if you 
can't trust your high-privilege users - then fire them. :)

[By default, admin shares can only be accessed by Backup Operators, Server 
Operators, and local Administrators.]

From: [email protected] On Behalf Of Angus Scott-Fleming
Sent: Thursday, July 3, 2014 8:34 PM
To: [email protected]
Subject: [NTSysADM] Re: Windows 7 firewall

On 2 Jul 2014 at 19:53, David McSpadden wrote:

>     Is there a way to set Windows Firewall up to popup when someone is 
> accessing your admin
>     shares?

This article is a bit dated, but there's probably an app for that.

4 ways to monitor who is accessing your shared folders/files
http://dottech.org/11324/4-ways-to-monitor-who-is-accessing-your-shared-foldersfiles/

This one claims to work on Win7:

ShareWatch
http://stevemiller.net/sharewatch/

This article is more current:

7 Ways to Monitor Shared Folders For Who Modified or Deleted Files * Raymond.CC
https://www.raymond.cc/blog/track-who-modified-or-deleted-files-in-your-shared-folder/

and several of the apps there claim to work on Win7.

