如何确定谁更改了一个文件

如何确定谁更改了一个文件

本文介绍了如何确定谁更改了一个文件?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在Windows中,我怎么能编程方式确定哪个用户帐户上次更改或删除的文件?



我知道,设立审核对象访问可能是一种选择,但如果我使用,那么我有问题,试图将审计日志条目匹配到特定的文件...听起来复杂和杂乱!我想不出任何其他方式,所以没有人要么对这种做法或任何替代任何提示?


解决方案

您可以将问题分为两部分:


  1. 每次访问文件时写入日志。

  2. 解析,过滤和呈现日志的相关信息。



  3. 那两个部分1,写入日志被内置在通过审计功能,如你所说。重塑这将是困难的,可能永远不会像内建功能一样好。

    通过在这些文件上设置审计ACL,我可以使用内置的功能进行日志记录。然后,我将集中精力提供一个读取事件日志的好界面,筛选出相关事件,并以适合您的用户的相关方式呈现。


    In Windows, how can I programmatically determine which user account last changed or deleted a file?

    I know that setting up object access auditing may be an option, but if I use that I then have the problem of trying to match up audit log entries to specific files... sounds complex and messy! I can't think of any other way, so does anyone either have any tips for this approach or any alternatives?

    解决方案

    You can divide your problem into two parts:

    1. Write to a log whenever a file is accessed.
    2. Parse, filter and present the relevant information of the log.

    Of those two part 1, writing to the log is a built in function through auditing as you mention. Reinventing that would be hard and probably never get as good as the builtin functionality.

    I would use the built in functionality for logging by setting up an audit ACL on those files. Then I would focus my efforts on providing a good interface that reads the event log, filters out relevant events and presents them in a way that is suitable and relevant for your users.

    这篇关于如何确定谁更改了一个文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-14 02:12