This is a follow-up to this question.
I followed the accepted answer and thought I was satisfied with the results but ran into a roadblock.
The Setup
I'm running my C# program from the server that monitors a directory. Any time a file is modified, FileSystemWatcher triggers an event that causes the program to check the security audit logs (which have been turned on, see previous question's solution).
The Problem
My problem is that when I check the security logs after a remote user has modified a file, they are logged as an anonymous user, specifically "NT AUTHORITY\SYSTEM". Is there any way to pull unique information from these security logs that will help me differentiate the users modifying the files?
The Deets
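I'm using EventLog to read the security logs like this:

    using System.Diagnostics;

    // Open the Security event log and get its entries
    EventLog log = new EventLog("security");
    EventLogEntryCollection col = log.Entries;
    //...
    // entry is one EventLogEntry taken from col
    string username = entry.UserName;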
This may help:

    string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
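
Added example, not part of the original posts: with object-access auditing on, file accesses are written to the Security log as event ID 4663, and that event carries the acting account in its SubjectUserName and SubjectDomainName data fields. The code below parses the event XML (the form EventRecord.ToXml() returns in System.Diagnostics.Eventing.Reader) and matches it against a watched path; the sample record, host, account and path are constructed, and the AuditSubject and Parse names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class AuditSubject
{
    static readonly XNamespace Ns = "http://schemas.microsoft.com/win/2004/08/events/event";

    // Constructed sample of a 4663 record; every value here is made up for the example.
    const string SampleXml = @"<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>4663</EventID><Computer>FILESRV01</Computer></System>
  <EventData>
    <Data Name='SubjectUserName'>jdoe</Data>
    <Data Name='SubjectDomainName'>EXAMPLE</Data>
    <Data Name='SubjectLogonId'>0x3e4f1a</Data>
    <Data Name='ObjectName'>D:\Shares\Reports\q3.xlsx</Data>
    <Data Name='AccessMask'>0x2</Data>
  </EventData>
</Event>";

    // Returns (DOMAIN\user, path) when the record is a 4663 for watchedPath, otherwise null.
    public static (string User, string Path)? Parse(string eventXml, string watchedPath)
    {
        XElement root = XDocument.Parse(eventXml).Root;
        string id = (string)root.Element(Ns + "System")?.Element(Ns + "EventID");
        if (id != "4663") return null;

        // EventData holds named <Data> elements; look one up by its Name attribute.
        var fields = root.Element(Ns + "EventData")?.Elements(Ns + "Data").ToList();
        if (fields == null) return null;
        string Get(string name) =>
            fields.FirstOrDefault(d => (string)d.Attribute("Name") == name)?.Value;

        string path = Get("ObjectName");
        string user = Get("SubjectUserName");
        if (path == null || user == null) return null;
        if (!string.Equals(path, watchedPath, StringComparison.OrdinalIgnoreCase)) return null;

        return ($"{Get("SubjectDomainName")}\\{user}", path);
    }

    static void Main()
    {
        var hit = Parse(SampleXml, @"D:\Shares\Reports\q3.xlsx");
        Console.WriteLine(hit.HasValue
            ? $"{hit.Value.User} accessed {hit.Value.Path}"
            : "no matching 4663 record");
    }
}
```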