Who Access My File?

In my post File Access Auditing - I Am Not Afraid Of GPO I've digested technet documentation on how to set Active Directory Group Policy Object (AD GP) to enable file access auditing as security measure to prevent repudiation. It is heavy weight techniques for scenarios where developer just needs to understand why she gets "Access denied" during development or while deploying in test environment - "Strange, it all worked on my machine...." 🙂

For that purpose I use two light weight tools from Sysinternals, the whole portal of Sysinternal's tools is here Windows Sysinternals loaded with free goodies. 

First tool is file monitor (filemon) - it monitors file access activity and when double clicking on some line it shows the user accessed that file:


But when the file is accessed from other machine, filemon does not have this information:


Mark Russinovich kindly explained me why it is not there and suggested using another great tool - process monitor. The tool has details column which includes the data what I was looking for - Impersonating:<<account name>>:


Very cool, very usable, very light weight


Comments (7)

  1. alik levin's says:

    Identity story with .Net really rocks, but along with great extensibility it also brings a lots of confusion

  2. alik levin's says:

    If these articles: How To: Implement Kerberos Delegation for Windows 2000 How To: Use Impersonation and

  3. alik levin's says:

    If these articles: How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0 Using Protocol

  4. akash_ayren says:

    i want be a good software engg.

  5. Alik Levin says:

    Akash, be a good sw engineer

  6. alik levin's says:

    patterns &amp; practices team maintains Design for Operations [DFO] project on codeplex . The goal of

  7. A few years ago, I recall needing to know (programmatically) which user has accessed a particular file

Skip to main content