Today I received an email from one of my users asking why he couldn’t access his shared folder on one of our servers.
Example: \\servername\share\ = access denied.
When I checked the share permissions on the folder I was surprised to see that the user had been removed from the "shared permissions" list.
Now my question is: Is it possible to track who or what deleted the users share permissions on the folder?
I have studied the different event logs, but couldn’t find any indication of anyone who had changed the share permissions.
Kind Regards Martin