I know that Windows 7 (Registry) stores the shares that a machine has connected to. Can anybody tell me what the registry location is ?
According to Forensic Focus, it should be under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
but its not there. Help is appreciated. Thanks
OK, you have had a stab at searching the forum for the answer, but the best answer is one you can find yourself.
How about trying to work out a strategy for trying to find the answer from your own machine presuming you have W7 (if not the chances are that it will be in similar location in other Win versions).
I could tell you a strategy but it is not too difficult if you have any shares.
H
I agree with harryparsonage.
I could tell you but I didn't know off the top of my head. How does the saying go…
"Give a man a fish he eats for a day. Teach him to fish he, something something something?"
You have shares on your windows 7 computer right? if not create one. Make it something strange and unsual.
Something like "JohnnyIsAwesome" Well at least that''s what I used. -)
Once created you know there is nothing in the registry with that name because it is unique.
How would you go about finding where it put that in the registry?
I know that Windows 7 (Registry) stores the shares that a machine has connected to. Can anybody tell me what the registry location is ?
First off, the "machine" doesn't usually connect to shares; this is an activity that is usually associated with users…I'm not trying to enforce some arbitrary semantics, what I'm trying to do is help reason through the issue at hand.
Next, RegRipper has plugins for extracting information on several locations regarding shares connected to, including
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
The first key is populated when the user uses the "Map Network Drive" wizard. The second one is populated when the user connects volumes, and the network shares most often appear as "##server#sharename".
HTH
The OP wasn't asking about shares available on a system; the original question was about "the shares that a machine has connected to", which is something different.
You can disable the Server service on a system, and it will disable any available shares. However, as long as you have the Workstation service running, you can still connect to available shares on remote systems. It's this second artifact that the original poster appears to be asking about.
I agree with harryparsonage.
I could tell you but I didn't know off the top of my head. How does the saying go…
"Give a man a fish he eats for a day. Teach him to fish he, something something something?"You have shares on your windows 7 computer right? if not create one. Make it something strange and unsual.
Something like "JohnnyIsAwesome" Well at least that''s what I used. -)Once created you know there is nothing in the registry with that name because it is unique.
How would you go about finding where it put that in the registry?