1) net share
2) $ at the end (e.g. C$):
- is an administrative share.
- hidden,
- requires membership in the local Administrators security group.
3) fsmgmt.msc
4) Default shares
- DriveLetters$
- ADMIN$ (c:\Windows)
- IPC$
- NETLOGON (on DC only)
- SYSVOL (on DC only)
5) EVENT LOG
a) 5142 - success: file share created
b) 4657 - registry value was modified
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Shares
c) 5144 - success: file share deleted
d) 5140 - success: file share accessed
- logged one time per session. Windows 10 default timeout is 15 minutes.
e) 5145 - successful file share file/folder operations
- need to enable the 'Object Access -> Detailed File Share' auditing sub-category
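
The event IDs above can be pulled into one timeline. This is an added example, not part of the original notes: the function name ConvertFrom-ShareEventXml is hypothetical, the sample events are constructed, and the data field names (SubjectUserName, IpAddress, ShareName, ShareLocalPath, RelativeTargetName, ObjectName, ObjectValueName) are assumed to match the Security log's event XML.

```powershell
# Added example; the sample XML below is constructed, not real log data.
$ShareEventIds = 5140, 5142, 5144, 5145, 4657
$Actions = @{ 5142 = 'share created'; 5144 = 'share deleted'; 5140 = 'share accessed'
              5145 = 'file/folder operation'; 4657 = 'Shares registry value modified' }

function ConvertFrom-ShareEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt = ([xml]$Xml).Event
    $id  = [int]$evt.System['EventID'].InnerText
    if ($id -notin $ShareEventIds) { return }
    # Flatten the <Data Name="..."> elements into a lookup table.
    $data = @{}
    foreach ($d in $evt.EventData.ChildNodes) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    # 4657 fires for every audited key; keep only the LanmanServer\Shares key.
    if ($id -eq 4657 -and $data['ObjectName'] -notlike '*\Services\LanmanServer\Shares*') { return }
    [pscustomobject]@{
        EventId = $id
        Action  = $Actions[$id]
        User    = $data['SubjectUserName']
        Source  = $data['IpAddress']          # only present on 5140 / 5145
        Share   = if ($id -eq 4657) { $data['ObjectValueName'] } else { $data['ShareName'] }
        Target  = switch ($id) {
            5145    { $data['RelativeTargetName'] }
            4657    { $data['ObjectName'] }
            default { $data['ShareLocalPath'] }
        }
    }
}

# Constructed samples shaped like the output of EventLogRecord.ToXml().
$tpl = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
       '<System><EventID>{0}</EventID></System><EventData>{1}</EventData></Event>'
$samples = @(
    $tpl -f 5142, '<Data Name="SubjectUserName">alice</Data><Data Name="ShareName">\\*\Staging$</Data><Data Name="ShareLocalPath">C:\Staging</Data>'
    $tpl -f 4657, '<Data Name="SubjectUserName">alice</Data><Data Name="ObjectName">\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Shares</Data><Data Name="ObjectValueName">Staging$</Data>'
    $tpl -f 4657, '<Data Name="SubjectUserName">alice</Data><Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\Example</Data><Data Name="ObjectValueName">Unrelated</Data>'
    $tpl -f 5145, '<Data Name="SubjectUserName">bob</Data><Data Name="IpAddress">192.0.2.10</Data><Data Name="ShareName">\\*\Staging$</Data><Data Name="RelativeTargetName">report.docx</Data>'
)
$samples | ForEach-Object { ConvertFrom-ShareEventXml -Xml $_ } | Format-Table -AutoSize

# Live use from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ShareEventIds } |
#     ForEach-Object { ConvertFrom-ShareEventXml -Xml $_.ToXml() }
```

The third sample is dropped because its 4657 event is not under the LanmanServer\Shares key.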