0

So I'm making a Watchdog script (based on this: https://www.thepythoncorner.com/2019/01/how-to-create-a-watchdog-in-python-to-look-for-filesystem-changes/) that detects changes in a Windows Explorer directory. If a file is created, deleted, moved, and modified and records the following: Who, When, What.

I have everything down except the who part. The folder I want to keep track of is a network drive where multiple people will be changing stuff around on it and I want to see who is messing it up.

My attempt:

#Get username
import getpass
user = getpass.getuser()

Actual Outcome: Me (program user)

Expected Outcome: The people affecting the files.

I am limited in the tool I can use, I have to use Python. No event viewer/logger or server information.

Thank you.

Anonymous
  • 453
  • 1
  • 6
  • 14
  • Does this answer your question? [How to get the owner of the file in the windows 7?](https://stackoverflow.com/questions/41280639/how-to-get-the-owner-of-the-file-in-the-windows-7) – AShelly Jan 23 '20 at 19:15
  • 1
    "Expected Outcome: The people affecting the files." Don't you read the docs on the stuff you're using? Why did you expect ``getpass.getuser()`` to return what you expect, when [the docs](https://docs.python.org/3/library/getpass.html#getpass.getuser) clearly state ``Return the “login name” of the user.`` Don't just expect stuff, read the docs ;) – Mike Scotty Jan 23 '20 at 19:18
  • Yes? I read it and misinterpreted it. Login name of the user is what I needed, except the user = user affecting the file. – Anonymous Jan 23 '20 at 19:25
  • 1
    What leads you to believe that information is even recorded anywhere? The network user that modifies a file may not even be a valid user on your computer. – Mark Ransom Jan 23 '20 at 19:28
  • @MarkRansom, it's certainly not recorded by default because it's not worth the cost. An administrator has to set up inheritable file auditing in the system access control list (SACL) of the directory, and auditing file access also has to be enabled at the system level. Audit events, including the user/machine and access granted, will be created in the security event log. The first hit I get on the subject is this detailed [blog post](https://docs.microsoft.com/en-us/archive/blogs/technet/mspfe/auditing-file-access-on-file-servers) from someone in Microsoft's Premier Field Engineering group. – Eryk Sun Jan 25 '20 at 15:13
  • @ErykSun thanks, that's kind of what I thought but I wasn't 100% sure. – Mark Ransom Jan 25 '20 at 16:57

0 Answers0