Mapped Drive Authentication
I am implementing a new Event Log monitor. I have noticed an event that is triggered when someone logs into their PC and they have a mapped drive to a file share. The scenario is the following: Map Drive X: is mapped to FileShareMain. Under FileShareMain are 40 or 50 folders. The user only has access to about 1/2 of the folders. When the user logs in, a slew of Event 560 entries are generated in the Security Event Log on the sub-folders the user does NOT have access to. My question is: when a user accesses the main (parent) file share, does the authentication process subsequently check the credentials against each sub-directory automatically, even though the user does not explicitly try to access them? I get about 20+ entries for each sub-folder. Any input would be greatly appreciated. I don't want to filter these out because one of our goals is to see if users are trying to access system resources they shouldn't be. Thanks!
November 18th, 2008 1:37am
