Mapped Drive Authentication
I am implementing a new Event Log monitor. I have noticed an event that is triggered when someone logs into their PC and they have a mapped drive toa file share. The scenario is the following:
Map Drive X: is mapped to FileShareMain.
Under FileShareMain is 40 or 50 folders.
User only has access to about 1/2 of the folders.
When the user logs in a slew of Event 560 entries generate in the Security Event Log on the sub-folders the user does NOT have access to.
My question is when a user accesses the main (Parent) file share, does the authenticaion process subsequently check the credentials against each sub-directory automatically, even though the user does not explicitly try to access them? I get about 20 + entries for each sub-folder.
Any input would be greatly appreciated.
I don't want to filter these out because one of our goals is to see is users are trying to access system resources they shouldn't be.
Thanks!
November 18th, 2008 1:37am