logging user activity in windows

Guest

I am not sure what the name of the product is, however I am trying to find out
if Microsoft makes a product that functions like a syslog server. I need
to know if someone printed or deleted a document if called on by management.
If Microsoft does not make such a product, does anyone know of a product that
I can use in a Microsoft-heavy environment?
 
There is extensive logging built into Windows 2000 and newer operating
systems. You can enable it via the appropriate security policy such as local
[secpol.msc] or via domain Group/Security Policy. The results are recorded
in the security logs available through Event Viewer. I believe there are
also properties for the printers that can be configured under file/server
properties/advanced in the printers Management Console which will cause
print related events to show in the system log via the printer spooler. The
link below is a great article on auditing in Windows 2000/XP/2003. Note that
auditing of object access and then for folders/files can generate huge
amounts of entries in the security log, so if you do enable it be sure to
audit bare number of folders/files for bare number of permissions/for bare
number of users to get the job done and avoid auditing for everyone and
users groups. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx
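
An added example, not part of the original post: one way to keep object-access auditing narrow, as the reply above advises, by auditing one folder, for delete rights only, for one group. It assumes a current Windows version with PowerShell 5 or later rather than the Windows 2000/2003 tools discussed in the thread; the folder path and group name are hypothetical.

```powershell
# Hypothetical names: replace with the folder and group that actually matter.
$folder = 'D:\Shares\Contracts'          # the one folder that must be audited
$group  = 'CONTOSO\Contracts-Editors'    # the one group whose deletes are of interest

# Enable success auditing for file-system object access (run elevated).
# Without this policy the SACL below produces no events.
auditpol /set /subcategory:"File System" /success:enable

# Audit rule: successful deletes only, inherited by subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $group,
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

# Read the existing SACL (-Audit is required to see it), add the rule, write it back.
$acl = Get-Acl -Path $folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check the result: there should be no audit entry for Everyone or Users.
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited
```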
 
I am totally aware that I can do that. The only problem, as you mentioned, is
the size of the logs that are generated. There is also another issue with
the collection of logs. It's impossible to collect that many logs from 100
servers, so I am trying to find a way to collect all the logs in one central
place and be able to search against that database. I know Microsoft is
coming out with a product, however I wanted to know if there is anything new
 
LanGuard makes a product that may interest you and I believe they have a
time limited trial download. Otherwise EventComb, which is free from
Microsoft, can scan other computers' logs using a variety of search criteria
to create a report. SysInternals has a free command line tool called
PsLogList which also may be of interest. There very well may be other new
products to manage large networks, but I am not aware of them as I have a
pipsqueak network. -- Steve

http://www.gfi.com/lanselm/ -- LanGuard
http://www.sysinternals.com/ntw2k/freeware/psloglist.shtml -- PsLogList
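
An added example, not part of the original post and not using the tools named above: a sketch of the same idea (scan many servers' Security logs with one search criterion and build a single report) using the built-in `Get-WinEvent` cmdlet on current Windows versions. The server list and report paths are hypothetical; event ID 4663 is the object-access event on Windows Vista/2008 and later, not on the Windows 2000/2003 systems in the thread.

```powershell
# Hypothetical inputs: one server name per line, and a report location.
$servers = Get-Content 'C:\Audit\servers.txt'
$since   = (Get-Date).AddDays(-1)
$DELETE  = 0x10000    # DELETE access-right bit in the event's AccessMask field

$report = foreach ($server in $servers) {
    try {
        # Filter on the remote side so only matching events cross the network.
        Get-WinEvent -ComputerName $server -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4663; StartTime = $since
        } | ForEach-Object {
            $evt = $_
            # Index the event's named data fields (SubjectUserName, ObjectName, ...).
            $data = @{}
            ([xml]$evt.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }

            # Keep only accesses that included the DELETE right.
            $mask = [Convert]::ToInt32($data['AccessMask'], 16)
            if (($mask -band $DELETE) -ne 0) {
                [pscustomobject]@{
                    Time   = $evt.TimeCreated
                    Server = $server
                    User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    Object = $data['ObjectName']
                }
            }
        }
    } catch {
        # Unreachable host, access denied, or no matching events on this server.
        Write-Warning "${server}: $($_.Exception.Message)"
    }
}

# One searchable file for all servers.
$report | Sort-Object Time | Export-Csv 'C:\Audit\deletes.csv' -NoTypeInformation
```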


 
I have been using an eval of LanGuard SELM for a little over a week now. It
will do what you are looking for. It works really well and you can use it to
track other event logs as well.

 