Auditing a User

  • Thread starter Thread starter Dan
  • Start date Start date
D

Dan

Is there a way to track a users activity. I want to track everything a user
does on his pc. Im on a windows 2k Network. I only want to track this
certain user not the entire domain.
 
You could stand over his shoulder as he uses his computer.

What specifically are you looking for? Tracking "everything" isn't telling
enough.

Do you want where he goes on the web, what files he opens, where his mouse
pointer was in millisecond intervals?
 
i want to know what files he is using, deleting. Internet i dont really
care. just file acess.

thanks
 
To track everything you would need a keyboard logger but I would NOT do that
without consulting legal and personnel first. Other than that you can use
the built in auditing on a W2K computer though it will record Events for all
users on the computer unless you enable auditing of object access and then
audit folders/files for permissions for that user. If you do such be sure to
audit only for that user and only for exactly what you want to track. If you
try to audit the while system you will have gazillions of 560/562 object
access events recorded in the security log which you will want to increase
substantially from default if you enable folder/file auditing. The links
below should help. Internet access can often be tracked in the firewall logs
by computer IP source address to ports 80/443 outbound for instance. For
most reliability the computer you want to track should have a static IP
address. --- Steve

http://www.comptechdoc.org/os/windows/win2k/win2kauditing.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod128.mspx
 
Steven said:
To track everything you would need a keyboard logger but I would NOT do that
without consulting legal and personnel first. Other than that you can use
the built in auditing on a W2K computer though it will record Events for all
users on the computer unless you enable auditing of object access and then
audit folders/files for permissions for that user. If you do such be sure to
audit only for that user and only for exactly what you want to track. If you
try to audit the while system you will have gazillions of 560/562 object
access events recorded in the security log which you will want to increase
substantially from default if you enable folder/file auditing. The links
below should help. Internet access can often be tracked in the firewall logs
by computer IP source address to ports 80/443 outbound for instance. For
most reliability the computer you want to track should have a static IP
address. --- Steve

http://www.comptechdoc.org/os/windows/win2k/win2kauditing.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod128.mspx
Click to expand...
That could get very interesting.
About 3 years ago I caught one of the mechanical engineers storing 'XXX'
mpegs on the company server under his account. This was just on a pass
at cleaning up some of the old junk on the server, so I wonder what else
he did on the companies account that didn't get caught.
Be careful what you ask for because you might get it and then some.
Bill Baka
 
Back
Top