问题
This is a follow up to this question.
I followed the accepted answer and thought I was satisfied with the results but ran into a roadblock.
The Setup
I'm running my C# program from the server that monitors a directory. Any time a file is modified, FileSystemWatcher triggers an event that causes the program to check the security audit logs (which have been turned on, see previous question's solution).
The Problem
My problem is that when I check the security logs after a remote user has modified a file, they are logged as an anonymous user. Specifically "NT AUTHORITY\SYSTEM". Is there any way to pull unique information from these security logs that will help me differentiate the users modifying the files?
The Deets
I'm using EventLog to read the security logs like this:
EventLog log = new EventLog("security");
EventLogEntryCollection col = log.Entries;
//...
string username = entry.UserName;
回答1:
This may help string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
来源:https://stackoverflow.com/questions/8619503/pull-any-machine-specific-information-from-windows-audit-log