Alan's Blog

"Yeah. I wrote a script that will do that."

Audit files opened on a server — without turning on auditing

Posted on May 25th, 2011

The security officer contacted me with was concern about an administrator looking at files in a user’s home directory.  I was asked whether I could watch the files being opened without turning on auditing. 

OpenFilesUserSessionAuditor.vbs parses session data, and compiles a list of what files are opened by users over time.  The data is written to a temporary database file, and then an Excel report is written.  Duplicate entries are not recorded, and you can regulate the maximum size of the database.

 I did not find any wrongdoing by any administrator.

Filed under Security, VbScript, Windows Administration | No Comments »

Please Note

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.

Site Search



SQL Site

Bad Behavior has blocked 262 access attempts in the last 7 days.