File last accessed by user

I can see that they happened simultaneously so that can lead me to believe that Alice is selecting a large number of files and copying them to an external drive or possibly to a desktop. The next step that I want to put in place is some proactive alerts in case these kinds of accesses happen again.

From here I can create my alerts. Just like that and validate that. Then I could use a wide range of tools for doing the automatic cleanup of the files. Enable auditing n file server would your best practice that will show you, who has accessed the file. Though, native auditing does not ensures about the guarantee of real time auditing. The problem is all real user or service accounts at the file system level look exactly the same.

Depending of the number of users we are talking about, you can develop a custom solution to filter events. But, it is a real huge, huge, huge work to do. You better to use a solution like Varonis DatAdvantage which is designed for this kind of job. The blog looks interesting and could provide all informations I need to work with to solve my major use case. Thank you. Real time auditing should not be necessary for my use case. If latest access information is from one hour ago, it should be fine, too.

Office Office Exchange Server. Not an IT pro? Resources for IT Professionals. It is also possible that a file may have been created, and then neither accessed or written to again. For my purpose today, I am going to use the LastWriteTime property.

I want to create a simple function that I can use that permits me to supply an array of folders and a begin date. The function is shown here:. In the first command line, I look for files that have not been accessed in 60 days:.

The reason for doing this is so I can gain confidence that the function works as I think it should. It appears to do so. Now, I am going to look for files that have not been accessed in days, as shown here:.

Cool, I found a few files. Now, I know that I have backups of these files, so I am going to delete them. To do this, I change the Select command to Remove-Item :. AB, that is all there is to using Windows PowerShell to find files that have not been accessed in an extended period of time. This also concludes File Week. Join me tomorrow when I will talk about more really cool Windows PowerShell stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter microsoft. See you tomorrow. Until then, peace.