I searched the forum because I thought this would be a question that had already been answered, but I didn't find anything. Does anyone know if there is a registry file in Windows 7 that keeps track of network shares that are available or network shares that have been accessed? Thanks in advance!

I have found the names of the network shares in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ but there isn't very much information about them in there. For example, if I run the 'net use' command without any parameters, it returns at least a little more information about the shares such as what drive letter they are mapped to. Does anyone know where there is any additional information about network shares - even where the 'net use' command is getting the drive letters from? Even better would be information about recent use - like dates they have been accessed from a local machine. edit: Ok, I see that I couldn't find info about network shares was because they were not setup to be persistent. When they are set up to be persistent I can get some info (like drive mappings) in HKEY_CURRENT_USER\Network which is where I originally expected it to be. However, even if they are not set up as persistent 'net use' still provides some information and I can't figure out where it is getting it from. I'm also interested in whether log files are written to with things like dates when network shares are accessed.

I have found the names of the network shares in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ but there isn't very much information about them in there. For example, if I run the 'net use' command without any parameters, it returns at least a little more information about the shares such as what drive letter they are mapped to. Does anyone know where there is any additional information about network shares - even where the 'net use' command is getting the drive letters from? Even better would be information about recent use - like dates they have been accessed from a local machine.

You can find the list of shares from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares On the right hand side you would see the list

Thanks. I came across that yesterday when I was searching, but unfortunately that key is empty for me. The only value showing up is the default with (value not set). I have 2 PCs that have access to multiple Network Shares that I am testing on, but neither of them are showing anything in that location.

Yes that is correct this is how it should be , on the server where the shares are located there we would she the shares in the registry not on the clients machine from where it connected.

Thanks. I ended up finding some useful information about network shares in some Shellbags in the registry and I believe I'm going to be able to reconstruct the file structure of the network shares (or at least of the folders that the user accessed) based on that information. The Shellbags are located at HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bag